CVE-2010-1650

high

Description

IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive information by reading the trace output.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/58323

http://www.vupen.com/english/advisories/2010/0994

http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247

http://www-01.ibm.com/support/docview.wss?uid=swg1PM06839

http://secunia.com/advisories/39628

Details

Source: Mitre, NVD

Published: 2010-05-03

Updated: 2017-08-17

Risk Information

CVSS v2

Base Score: 1.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High