[SA13234] IBM WebSphere Commerce Customer Information Disclosure

2004-12-04T00:00:00
ID SECURITYVULNS:DOC:7288
Type securityvulns
Reporter Securityvulns
Modified 2004-12-04T00:00:00

Description

TITLE: IBM WebSphere Commerce Customer Information Disclosure

SECUNIA ADVISORY ID: SA13234

VERIFY ADVISORY: http://secunia.com/advisories/13234/

CRITICAL: Less critical

IMPACT: Exposure of sensitive information

WHERE: Local system

SOFTWARE: IBM WebSphere Commerce 5.x http://secunia.com/product/4277/

DESCRIPTION: A security issue has been reported in IBM WebSphere Commerce, which potentially may disclose customer information.

The problem reportedly exists if store views update the database or directly invoke commands that perform the database update, which may result in customer information being stored under the default user.

The security issue has been reported in versions 5.1, 5.4, 5.5, and 5.6.

SOLUTION: Follow the steps in the original vendor advisory to determine if systems are affected.

Customers with affected systems are urged to contact WebSphere Commerce support for details on how to resolve this issue.

PROVIDED AND/OR DISCOVERED BY: Reported by vendor.

ORIGINAL ADVISORY: http://www-1.ibm.com/support/docview.wss?uid=swg21187876


About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.