Information Disclosure in IBM WebSphere Commerce Command-Line Scripts
CVE-2014-6211

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Commerce
Vendor: CVE Published:; 20 May 2015

Summary

In IBM WebSphere Commerce, specifically in command-line scripts across various versions, a configuration oversight during debugging can lead to improper logging of sensitive personal data. This vulnerability enables local users to access and read log files, potentially exposing confidential information to unauthorized individuals. Organizations using affected versions should ensure proper configuration and implement necessary safeguards to prevent unauthorized access to these logs.

References

http://www.securitytracker.com/id/1032248

vdb-entryx_refsource_SECTRACK

http://www-01.ibm.com/support/docview.wss?uid=swg1JR52983

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg1JR52117

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
May 20, 2015
Vulnerability Reserved
Sep 2, 2014