CVE-2010-1650 — IBM Websphere Application Server vulnerability

CWE-3103 documents3 sources

Severity

1.9LOWNVD

EPSS

0.1%

top 77.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedMay 3

Latest updateMay 17

Description

IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive information by reading the trace output.

CVSS vector

AV:L/AC:M/C:P/I:N/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/websphere_application_server94 versions+93

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-92f2-pjcm-r9x8: IBM WebSphere Application Server (WAS) 6↗2022-05-17

▶

CVEList

CVE-2010-1650: IBM WebSphere Application Server (WAS) 6↗2010-04-30

▶