Information Disclosure in IBM WebSphere Commerce Products
CVE-2016-5894

5.1 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 8 March 2017

Summary

IBM WebSphere Commerce versions 7.0 and 8.0 are affected by a vulnerability that allows a local user to access sensitive information. Specifically, a plaintext password can be disclosed within a Unix console, potentially exposing critical authentication details. Users of affected versions should apply the relevant security measures to mitigate the risk. For more information, refer to IBM's documentation and security advisories.

Affected Version(s)

WebSphere Commerce Enterprise 7.0

WebSphere Commerce Enterprise 8.0

CVSS V3.1

Score: 5.1
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
