Information Disclosure in IBM WebSphere Commerce Products
CVE-2016-5894

5.1MEDIUM

Key Information:

Vendor

IBM
Status
Websphere Commerce Enterprise
Vendor
CVE Published:
8 March 2017

What is CVE-2016-5894?

IBM WebSphere Commerce versions 7.0 and 8.0 are affected by a vulnerability that allows a local user to access sensitive information. Specifically, this flaw can lead to the disclosure of a plain text password within a Unix console, potentially exposing critical authentication details. It is crucial for users of affected versions to apply relevant security measures to mitigate risks associated with this vulnerability. For more information, refer to IBM's documentation and security advisories.

Affected Version(s)

WebSphere Commerce Enterprise 7.0

WebSphere Commerce Enterprise 8.0

References

http://www.ibm.com/support/docview.wss?uid=swg21997408
x_refsource_CONFIRM
http://www.securitytracker.com/id/1037962
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/96624
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.1
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.