CVE-2011-5066 — Sensitive Information Exposure in IBM Websphere Application Server

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 84.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedJan 15

Latest updateMay 17

Description

The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump operation involving the First Failure Data Capture (FFDC) introspection code, which allows local users to obtain sensitive information by reading the FFDC log file.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/websphere_application_server31 versions+30

🔴Vulnerability Details

GHSA

GHSA-hcc5-5wqj-6mg5: The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6↗2022-05-17

▶

CVEList

CVE-2011-5066: The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6↗2012-01-15

▶