IBM WebSphere Commerce Database Update Default User Information Disclosure

Medium Nessus Network Monitor Plugin ID 2461


The remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files or data.


The remote WebSphere web server is vulnerable to an information leak. User information is sometimes stored under the profile of the 'default' user. Unintended users may gain access to this information and use it to elevate privileges on the remote machine. The default user account may also disclose information about other users.


Upgrade or patch according to vendor recommendations.

Plugin Details

Severity: Medium

ID: 2461

Family: Web Servers

Published: 2004/12/16

Modified: 2018/09/16

Dependencies: 1442

Risk Information

Risk Factor: Medium


CVSS v2

Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:U/RC:C


CVSS v3

Base Score: 5.3

Temporal Score: 4.8


Temporal Vector: CVSS3#E:U/RL:U/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:websphere_application_server

Reference Information

BID: 11816