U-272: IBM WebSphere Commerce User Information Disclosure Vulnerability

October 2, 2012 - 6:00am

PROBLEM:

IBM WebSphere Commerce User Information Disclosure Vulnerability

PLATFORM:

WebSphere Commerce Versions 6.0.0.0 to 6.0.0.11
WebSphere Commerce Versions 7.0.0.0 to 7.0.0.6

ABSTRACT:

A vulnerability in WebSphere Commerce could allow disclosure of user personal data.

REFERENCE LINKS:

IBM Security Bulletin 1612484
X-Force Vulnerability Database (78867)
Secunia Advisory SA50821
CVE-2012-4830

IMPACT ASSESSMENT:

Medium

Discussion:

A remote unauthenticated attacker could exploit a security vulnerability in WebSphere Commerce to expose user personal data. The attack can be performed manually and the effort required is comparatively low.

Impact:

A vulnerability has been reported in WebSphere Commerce, which can be exploited by malicious people to gain knowledge of sensitive information.

Solution:

Refer to IBM Security Bulletin 1612484 for patch, upgrade or suggested workaround information.
 
