CVE-2014-6211

Name of the Vulnerable Software and Affected Versions IBM WebSphere Commerce versions 6.0 through 6.0.0.11 IBM WebSphere Commerce versions 7.0 through 7.0.0.9 IBM WebSphere Commerce versions 7.0 Feature Pack 2 through 8

Description The issue concerns the command-line scripts in IBM WebSphere Commerce. When debugging is configured, these scripts do not properly restrict the logging of personal data. This allows local users to obtain sensitive information by reading a log file.

Recommendations For versions 6.0 through 6.0.0.11, consider disabling the debugging configuration to prevent the logging of personal data. For versions 7.0 through 7.0.0.9, restrict access to log files to minimize the risk of sensitive information disclosure. For versions 7.0 Feature Pack 2 through 8, avoid configuring debugging to prevent the exposure of personal data.