| VID |
22313 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
According to its banner, the remote WebSphere Application Server has an information disclosure vulnerability. IBM WebSphere Commerce versions 5.1, 5.4, 5.5, and 5.6 could disclose sensitive information. The vulnerability exists if store views update the database or directly invoke commands that perform the database update, which may result in customer information being stored under the default user.
* Note: This check relies solely on the banner of the remote web server to assess this vulnerability, so the result might be a false positive.
* References:
  * http://www-1.ibm.com/support/docview.wss?uid=swg21187876
  * http://secunia.com/advisories/13234/
* Platforms Affected:
  * IBM WebSphere Commerce Suite 5.1
  * IBM WebSphere Commerce Suite 5.4
  * IBM WebSphere Commerce Suite 5.5
  * IBM WebSphere Commerce Suite 5.6
  * Any operating system, any version |
| Recommendation |
WebSphere Commerce fixes can be obtained by contacting the vendor.
Follow the steps in this IBM Security Update to determine whether systems are affected: http://www-1.ibm.com/support/docview.wss?uid=swg21187876 |
| Related URL |
(CVE) |
| Related URL |
11816 (SecurityFocus) |
| Related URL |
18361 (ISS) |
|