CVE-2011-5066
IBM WebSphere Application Server 6.1 - Sensitive Information Exposure via SibRaRecoverableSiXaResource FFDC Log
Title source: llmDescription
The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump operation involving the First Failure Data Capture (FFDC) introspection code, which allows local users to obtain sensitive information by reading the FFDC log file.
References (2)
Core 2
Core References
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg27007951
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PM36685
Scores
EPSS
0.0031
EPSS Percentile
23.1%
Details
CWE
CWE-200
Status
published
Products (31)
ibm/websphere_application_server
6.1
ibm/websphere_application_server
6.1.0
ibm/websphere_application_server
6.1.0.0
ibm/websphere_application_server
6.1.0.1
ibm/websphere_application_server
6.1.0.2
ibm/websphere_application_server
6.1.0.3
ibm/websphere_application_server
6.1.0.5
ibm/websphere_application_server
6.1.0.7
ibm/websphere_application_server
6.1.0.9
ibm/websphere_application_server
6.1.0.11
... and 21 more
Published
Jan 15, 2012
Tracked Since
Feb 18, 2026