Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

IBM WebSphere Commerce Database Update Default User Information Disclosure

Medium

Synopsis

The remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files or data.

Description

The remote WebSphere webserver is vulnerable to an information leak. User information is sometimes stored under the profile of the 'default' user. Unintended users may gain access to this information and use the information to elevate privileges on the remote machine. It is also possible that the default user account may disclose information regarding other users.

Solution

Upgrade or patch according to vendor recommendations.