IBM WebSphere Commerce 7.0 uses the same cryptographic key for session attributes and merchant data encryption, which has unspecified impact and remote attack vectors.Referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/56089http://www-1.ibm.com/support/docview.wss?uid=swg1JR35136http://www-01.ibm.com/support/docview.wss?uid=swg21418443
