CVE-2014-6211Sensitive Information Exposure in IBM Websphere Commerce

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 82.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Commerce
Timeline
PublishedMay 20
Latest updateMay 13

Description

The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 2 through 8, when debugging is configured, do not properly restrict the logging of personal data, which allows local users to obtain sensitive information by reading a log file.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

NVDibm/websphere_commerce22 versions+21

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-cx5h-84fx-rr8r: The command-line scripts in IBM WebSphere Commerce 62022-05-13
CVEList
CVE-2014-6211: The command-line scripts in IBM WebSphere Commerce 62015-05-20
CVE-2014-6211 — Sensitive Information Exposure in IBM | cvebase