IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors.

More... (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3577)