Remote Information Disclosure in IBM WebSphere Commerce Products
CVE-2016-0225
4.9MEDIUM
Summary
In IBM WebSphere Commerce, an issue exists that allows remote authenticated Commerce Accelerator administrators to access sensitive information through unspecified vectors. This vulnerability affects the 6.x series up to version 6.0.0.11 and the 7.x series up to version 7.0.0.9, posing a risk to the confidentiality of data managed by these platforms.
References
CVSS V3.1
Score:
4.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved