Information Disclosure Vulnerability in IBM WebSphere Commerce Suite
CVE-2009-2956

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Commerce Suite
Vendor: CVE Published:; 24 August 2009

Summary

The Net.Commerce and Net.Data components of IBM WebSphere Commerce Suite exhibit a flaw that permits unauthorized access to sensitive information. By failing to enforce adequate access controls, the system allows remote attackers to exploit direct requests for configuration files, which may result in the exposure of critical passwords and details about the underlying database and filesystem. Organizations using this software should take immediate steps to secure these components to prevent potential data breaches.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/52616

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Aug 24, 2009
Vulnerability Reserved
Aug 24, 2009