Security Bulletin: WebSphere Commerce vulnerability could allow disclosure of user personal data (CVE-2013-0523)
Some WebSphere Commerce data may be encrypted using an encryption algorithm that is susceptible to a padding oracle attack which may allow for the disclosure of user personal data.
Affected product(s) and version(s):
WebSphere Commerce versions 184.108.40.206 to 220.127.116.11
WebSphere Commerce versions 18.104.22.168 to 22.214.171.124
WebSphere Commerce 126.96.36.199 to 188.8.131.52
Refer to the following reference URLs for remediation and additional vulnerability details.