PT-2009-5300 · Ibm · Ibm Websphere Commerce Suite

Publicado

2009-08-24

Atualizado

2017-08-17

CVE-2009-2956

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: IBM WebSphere Commerce Suite (affected versions not specified)

Description: The issue concerns the Net.Commerce and Net.Data components in IBM WebSphere Commerce Suite, where sensitive information is stored under the web root with insufficient access control. This allows remote attackers to discover passwords, and database and filesystem details by making direct requests for configuration files.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2009-2956

Produtos afetados

Ibm Websphere Commerce Suite

PT-2009-5300 · Ibm · Ibm Websphere Commerce Suite

CVE-2009-2956

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2