IBM WebSphere Commerce Database Update Default User Information Disclosure
Medium Nessus Network Monitor Plugin ID 2461
SynopsisThe remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files or data.
DescriptionThe remote WebSphere webserver is vulnerable to an information leak. User information is sometimes stored under the profile of the 'default' user. Unintended users may gain access to this information and use the information to elevate privileges on the remote machine. It is also possible that the default user account may disclose information regarding other users.
SolutionUpgrade or patch according to vendor recommendations.