CVE-2009-2956
Published Aug 24, 2009
Last updated 7 years ago
Overview
- Description
- The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce_suite:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9325A374-8168-4C9C-8A6B-FF034FB7EC30"
}
],
"operator": "OR"
}
]
}
]