CVE-2009-2956

IBM WebSphere Commerce Suite - Exposure of Sensitive Information via Configuration Files

Title source: llm
STIX 2.1

Description

The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files.

References (1)

Core 1
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/52616

Scores

EPSS 0.0108
EPSS Percentile 61.1%

Details

CWE
CWE-200
Status published
Products (1)
ibm/websphere_commerce_suite
Published Aug 24, 2009
Tracked Since Feb 18, 2026