CVE-2009-2956
IBM WebSphere Commerce Suite - Exposure of Sensitive Information via Configuration Files
Title source: llmDescription
The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files.
References (1)
Core 1
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/52616
Scores
EPSS
0.0108
EPSS Percentile
61.1%
Details
CWE
CWE-200
Status
published
Products (1)
ibm/websphere_commerce_suite
Published
Aug 24, 2009
Tracked Since
Feb 18, 2026