Information disclosure in IBM WebSphere Commerce and IBM WebSphere Application Server - CVE-2016-5986
Published: September 19, 2016 / Updated: September 19, 2016
Vulnerability identifier: #VU531
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-5986
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: IBM Corporation
Affected software:
IBM WebSphere Commerce
IBM WebSphere Application Server
Detailed vulnerability description
The vulnerability allows a remote user to obtain potentially sensitive information on the target system.
The weakness exists due to a response handling error that a malicious user may leverage to cause disclosure of sensitive data.
Successful exploitation of the vulnerability results in access to potentially sensitive data on the vulnerable system.
How to mitigate CVE-2016-5986
Update to APAR PI67093.