CVE-2016-5894

Опубликовано: 08 мар. 2017

Источник: nvd

CVSS3: 5.1

CVSS2: 1.9

EPSS Низкий

Описание

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability. A local user could view a plain text password in a Unix console. IBM Reference #: 1997408.

Ссылки

http://www.ibm.com/support/docview.wss?uid=swg21997408
Patch
Vendor Advisory
http://www.securityfocus.com/bid/96624
http://www.securitytracker.com/id/1037962
http://www.ibm.com/support/docview.wss?uid=swg21997408
Patch
Vendor Advisory
http://www.securityfocus.com/bid/96624
http://www.securitytracker.com/id/1037962

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:websphere_commerce:7.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:7.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:7.0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:7.0.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:7.0.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:7.0.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:7.0.0.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:7.0.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:7.0.0.8:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:7.0.0.9:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.0.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.0.8:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.0.9:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.0.10:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.0.11:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.0.12:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.0.13:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.0.14:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.0.15:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.0.16:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.0.17:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.0.18:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.0.19:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.1.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.1.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.1.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.1.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.1.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.1.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.1.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.1.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.1.8:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.1.9:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.1.11:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_commerce:8.0.1.12:*:*:*:*:*:*:*

EPSS

Процентиль: 17%

0.00054

Низкий

5.1 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-9xhp-r5x3-pvv6