CVE-2011-5066

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server versions prior to 6.1.0.41

Description The issue concerns the SibRaRecoverableSiXaResource class in the Default Messaging Component, which does not properly handle a Service Integration Bus dump operation involving the First Failure Data Capture introspection code. This allows local users to obtain sensitive information by reading the FFDC log file.

Recommendations For versions prior to 6.1.0.41, update to version 6.1.0.41 or later to resolve the issue.