CVE-2016-5894

CWE-200 — Information Exposure3 documents3 sources

Severity

5.1MEDIUM

EPSS

0.1%

top 82.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Corporation Websphere Commerce Enterprise IBM Websphere Commerce

Timeline

PublishedMar 8

Latest updateMay 13

Description

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability. A local user could view a plain text password in a Unix console. IBM Reference #: 1997408.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 1.4 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm_corporation/websphere_commerce_enterprise7.0, 8.0+1

▶NVDibm/websphere_commerce42 versions+41

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-9xhp-r5x3-pvv6: IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7↗2022-05-13

▶

CVEList

CVE-2016-5894: IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7↗2017-03-08

▶