TITLE: IBM WebSphere Commerce Customer Information Disclosure
SECUNIA ADVISORY ID: SA13234
VERIFY ADVISORY: http://secunia.com/advisories/13234/
CRITICAL: Less critical
IMPACT: Exposure of sensitive information
WHERE: Local system
SOFTWARE: IBM WebSphere Commerce 5.x http://secunia.com/product/4277/
DESCRIPTION: A security issue has been reported in IBM WebSphere Commerce, which potentially may disclose customer information.
The problem reportedly exists if store views update the database or directly invoke commands that perform the database update, which may result in customer information being stored under the default user.
The security issue has been reported in versions 5.1, 5.4, 5.5, and 5.6.
SOLUTION: Follow the steps in the original vendor advisory to determine if systems are affected.
Customers with affected systems are urged to contact WebSphere Commerce support for details on how to resolve this issue.
PROVIDED AND/OR DISCOVERED BY: Reported by vendor.
ORIGINAL ADVISORY: http://www-1.ibm.com/support/docview.wss?uid=swg21187876
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.