PROBLEM:
IBM WebSphere Commerce User Information Disclosure Vulnerability
PLATFORM:
WebSphere Commerce Versions 6.0.0.0 to 6.0.0.11
WebSphere Commerce Versions 7.0.0.0 to 7.0.0.6
ABSTRACT:
A vulnerability in WebSphere Commerce could allow disclosure of user personal data.
REFERENCE LINKS:
IBM Security Bulletin 1612484
X-Force Vulnerability Database (78867)
Secunia Advisory SA50821
CVE-2012-4830
IMPACT ASSESSMENT:
Medium
DISCUSSION:
A remote unauthenticated attacker could exploit a security vulnerability in WebSphere Commerce to expose user personal data. The attack can be performed manually and the effort required is comparatively low.
IMPACT:
A vulnerability has been reported in WebSphere Commerce, which can be exploited by malicious people to gain knowledge of sensitive information.
SOLUTION:
Refer to IBM Security Bulletin 1612484 for patch, upgrade or suggested workaround information.