IBM WebSphere Commerce Database Update Default User Information Disclosure

medium Nessus Network Monitor Plugin ID 2461

Synopsis

The remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files or data.

Description

The remote WebSphere web server is vulnerable to an information leak. User information is sometimes stored under the profile of the 'default' user. Unintended users may gain access to this information and use it to elevate privileges on the remote machine. The default user account may also disclose information about other users.

Solution

Upgrade or patch according to vendor recommendations.

Plugin Details

Severity: Medium

ID: 2461

Family: Web Servers

Published: 12/16/2004

Updated: 3/6/2019

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:U/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:websphere_application_server

Reference Information

BID: 11816