Security Bulletin: WebSphere Commerce vulnerability could allow disclosure of user personal data (CVE-2013-0523)
Some WebSphere Commerce data may be encrypted using an encryption algorithm that is susceptible to a padding oracle attack which may allow for the disclosure of user personal data.
Affected product(s) and version(s):
WebSphere Commerce versions 220.127.116.11 to 18.104.22.168
WebSphere Commerce versions 22.214.171.124 to 126.96.36.199
WebSphere Commerce 188.8.131.52 to 184.108.40.206
Refer to the following reference URLs for remediation and additional vulnerability details.