logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2012-5764: IBM WebSphere Commerce password information disclosure

Description

IBM WebSphere Commerce could allow a local authenticated attacker to obtain sensitive information. When WebSphere Commerce V7.0 Feature Pack 5 is configured with Bazaarvoice, two plain text passwords could be present in a configuration file that could be accessible to a local user that has access to the server. An attacker could exploit this vulnerability to launch further attacks against the affected system.