IBM WebSphere Commerce May Disclose One User's Messages to Another User

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

SecurityTracker Alert ID: 1024845

SecurityTracker URL: http://securitytracker.com/id/1024845

CVE Reference: CVE-2010-2639 (Links to External Site)

Date: Dec 9 2010

Impact: Disclosure of user information

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 7.0 prior to 7.0.0.2

Description: A vulnerability was reported in IBM WebSphere. A remote user can obtain potentially sensitive information.

A remote user may be able to obtain messages destined for a different user due to an error when the outbound messaging system accesses the RunTimeProfileCacheCmdImpl class.

Impact: A remote user can obtain messages destined for another user.

Solution: The vendor has issued a fix (Fix Pack 7.0.0.2; APAR JR38114).

The vendor's advisory is available at:

http://www-01.ibm.com/support/docview.wss?uid=swg24028397

Vendor URL: www-01.ibm.com/support/docview.wss?uid=swg24028397 (Links to External Site)

Cause: Access control error

Underlying OS: Linux (Any), UNIX (AIX), UNIX (Solaris - SunOS), Windows (Any)

Message History: None.

Date: Thu, 09 Dec 2010 16:30:25 +0000
Subject: IBM WebSphere Commerce Enterprise


CVE-2010-2639

http://www-01.ibm.com/support/docview.wss?uid=swg24028397