CVE-2011-1310

IBM WebSphere Application Server 6.1.0.x-6.1.0.34 and 7.x-7.0.0.14 - Sensitive Information Exposure

Title source: llm
STIX 2.1

Description

The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which allows local users to obtain potentially sensitive information by reading these files.

References (2)

Core 2
Core References
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PM18736
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg27014463

Scores

EPSS 0.0027
EPSS Percentile 18.7%

Details

CWE
CWE-200
Status published
Products (32)
ibm/websphere_application_server 6.1.0
ibm/websphere_application_server 6.1.0.0
ibm/websphere_application_server 6.1.0.1
ibm/websphere_application_server 6.1.0.2
ibm/websphere_application_server 6.1.0.3
ibm/websphere_application_server 6.1.0.5
ibm/websphere_application_server 6.1.0.7
ibm/websphere_application_server 6.1.0.9
ibm/websphere_application_server 6.1.0.11
ibm/websphere_application_server 6.1.0.12
... and 22 more
Published Mar 08, 2011
Tracked Since Feb 18, 2026