Remote Information Disclosure in IBM WebSphere Commerce Products
CVE-2016-0225

4.9MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
29 February 2016

Summary

In IBM WebSphere Commerce, an issue exists that allows remote authenticated Commerce Accelerator administrators to access sensitive information through unspecified vectors. This vulnerability affects the 6.x series up to version 6.0.0.11 and the 7.x series up to version 7.0.0.9, posing a risk to the confidentiality of data managed by these platforms.

References

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.