Lucene search
MitreCVE-2009-2956HistoryAug 24, 2009 - 3:30 p.m.
CVE-2009-2956
2009-08-2415:30:00
CWE-200
mitre
web.nvd.nist.gov
24
ibm
websphere
commerce suite
information security
sensitive information
access control
vulnerability
cve-2009-2956
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0.002
Percentile
52.6%
The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files.
Affected configurations
Node
ibmwebsphere_commerce_suite
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | websphere_commerce_suite | * | cpe:2.3:a:ibm:websphere_commerce_suite:*:*:*:*:*:*:*:* |
Related
prion
prion
Improper access control
2009-08-24 15:30:00
nvd
nvd
CVE-2009-2956
2009-08-24 15:30:00
cvelist
cvelist
CVE-2009-2956
2009-08-24 15:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0.002
Percentile
52.6%
Related for CVE-2009-2956