Information Disclosure Vulnerability in IBM WebSphere Commerce
CVE-2015-5015

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Commerce Enterprise
Vendor: CVE Published:; 8 November 2015

What is CVE-2015-5015?

IBM WebSphere Commerce versions 7.0.0.9 and 8.x prior to Feature Pack 8 are susceptible to an information disclosure vulnerability. This flaw allows remote attackers to exploit a crafted REST URL, potentially leading to the exposure of sensitive information. Organizations using the affected versions should assess their risk and consider updating to the latest feature pack to mitigate the risk of unauthorized data access.

References

http://www-01.ibm.com/support/docview.wss?uid=swg24041027

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1JR53970

vendor-advisoryx_refsource_AIXAPAR

http://www.securitytracker.com/id/1034104

vdb-entryx_refsource_SECTRACK

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 8, 2015
Vulnerability Reserved
Jun 24, 2015