CVE-2011-5066

IBM WebSphere Application Server 6.1 - Sensitive Information Exposure via SibRaRecoverableSiXaResource FFDC Log

Title source: llm
STIX 2.1

Description

The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump operation involving the First Failure Data Capture (FFDC) introspection code, which allows local users to obtain sensitive information by reading the FFDC log file.

References (2)

Core 2
Core References
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg27007951
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PM36685

Scores

EPSS 0.0031
EPSS Percentile 23.1%

Details

CWE
CWE-200
Status published
Products (31)
ibm/websphere_application_server 6.1
ibm/websphere_application_server 6.1.0
ibm/websphere_application_server 6.1.0.0
ibm/websphere_application_server 6.1.0.1
ibm/websphere_application_server 6.1.0.2
ibm/websphere_application_server 6.1.0.3
ibm/websphere_application_server 6.1.0.5
ibm/websphere_application_server 6.1.0.7
ibm/websphere_application_server 6.1.0.9
ibm/websphere_application_server 6.1.0.11
... and 21 more
Published Jan 15, 2012
Tracked Since Feb 18, 2026