TITLE:
IBM WebSphere Commerce Customer Information Disclosure

SECUNIA ADVISORY ID:
SA13234

VERIFY ADVISORY:
http://secunia.com/advisories/13234/

CRITICAL:
Less critical

IMPACT:
Exposure of sensitive information

WHERE:
Local system

SOFTWARE:
IBM WebSphere Commerce 5.x
http://secunia.com/product/4277/

DESCRIPTION:
A security issue has been reported in IBM WebSphere Commerce, which
potentially may disclose customer information.

The problem reportedly exists if store views update the database or
directly invoke commands that perform the database update, which may
result in customer information being stored under the default user.

The security issue has been reported in versions 5.1, 5.4, 5.5, and
5.6.

SOLUTION:
Follow the steps in the original vendor advisory to determine if
systems are affected.

Customers with affected systems are urged to contact WebSphere
Commerce support for details on how to resolve this issue.

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
http://www-1.ibm.com/support/docview.wss?uid=swg21187876

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------