IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors.
https://exchange.xforce.ibmcloud.com/vulnerabilities/69838
http://www.securityfocus.com/bid/49643
http://www.ibm.com/support/docview.wss?uid=swg24030908