CVE-2013-2951

Name of the Vulnerable Software and Affected Versions IBM WebSphere Portal versions 7.0.0.x through 8.0.0.x

Description The issue allows local users to obtain sensitive information by reading a trace file when tracing is enabled for the Selfcare Portlet (Profile Management). This is because passwords are written to the trace file.

Recommendations For versions 7.0.0.x through 8.0.0.x, consider disabling the tracing feature for the Selfcare Portlet (Profile Management) to prevent sensitive information from being written to the trace file. Restrict access to the trace file to minimize the risk of exploitation.