CVE-2009-2956

The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files.

Published: Aug 24, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-2956
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
ibm / websphere_commerce_suite	-	-

https://exchange.xforce.ibmcloud.com/vulnerabilities/52616

Vulnerability Database

289,697

CVE-2009-2956