Design/Logic Flaw

2009-02-1022:30:00

PRIOn knowledge base

www.prio-n.com

5.7 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.8%

JSON

PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure (PMI) is enabled, allows local users to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2008-5413.

CPENameOperatorVersion
websphere_application_servereq6.1.0.21
websphere_application_servereq6.1
websphere_application_servereq6.1.0.19
websphere_application_servereq6.0.2.1
websphere_application_servereq6.0.2.5
websphere_application_servereq6.0.0.3
websphere_application_servereq6.1.0.2
websphere_application_servereq6.0.1.15
websphere_application_servereq6.0.1.3
websphere_application_servereq6.0.2.13

Name	Operator	Version
websphere_application_server	eq	6.1.0.21
websphere_application_server	eq	6.1
websphere_application_server	eq	6.1.0.19
websphere_application_server	eq	6.0.2.1
websphere_application_server	eq	6.0.2.5
websphere_application_server	eq	6.0.0.3
websphere_application_server	eq	6.1.0.2
websphere_application_server	eq	6.0.1.15
websphere_application_server	eq	6.0.1.3
websphere_application_server	eq	6.0.2.13