Sensitive Information Exposure in IBM WebSphere Message Broker
CVE-2009-0503

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Message Broker
Vendor: CVE Published:; 13 February 2009

Summary

IBM WebSphere Message Broker versions prior to 6.1.0.2 exhibit a vulnerability where the database connection password is logged during exception handling of JDBC errors. This flaw permits local users to access sensitive information by viewing these logs, potentially leading to unauthorized access to database resources. It is crucial for users to ensure proper logging controls and implement security measures to prevent this information leak.

References

http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg2...

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2009/0460

vdb-entryx_refsource_VUPEN

http://www.securitytracker.com/id?1021735

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Feb 13, 2009
Vulnerability Reserved
Feb 10, 2009