The WebAdmin context for WebSphere Message Broker Version 8 allows directory listings.
CVEID: CVE-2016-6080**
DESCRIPTION:** The WebAdmin context for WebSphere Message Broker allows directory listings, which could disclose sensitive information to the attacker.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117560 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
WebSphere Message Broker V8
Product
| VRMF|APAR|Remediation/Fix
—|—|—|—
WebSphere Message Broker | V8| IT16698| The APAR is available in Fix Pack 8.0.0.8
<https://www-304.ibm.com/support/docview.wss?uid=swg24042925>
For unsupported versions of the product, IBM recommends upgrading to a fixed, supported version/release/platform of the product.
The planned maintenance release dates for WebSphere Message Broker and IBM Integration Bus are available at :
http://www.ibm.com/support/docview.wss?uid=swg27006308
None
CPE | Name | Operator | Version |
---|---|---|---|
websphere message broker | eq | 8.0 |