PT-2009-5300 · Ibm · Ibm Websphere Commerce Suite

Published

2009-08-24

Updated

2017-08-17

CVE-2009-2956

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: IBM WebSphere Commerce Suite (affected versions not specified)

Description: The issue concerns the Net.Commerce and Net.Data components in IBM WebSphere Commerce Suite, where sensitive information is stored under the web root with insufficient access control. This allows remote attackers to discover passwords, and database and filesystem details by making direct requests for configuration files.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2009-2956

Affected Products

Ibm Websphere Commerce Suite

PT-2009-5300 · Ibm · Ibm Websphere Commerce Suite

CVE-2009-2956

Weakness Enumeration

Related Identifiers

Affected Products

References · 2