CVE-2015-4980
https://notcve.org/view.php?id=CVE-2015-4980
Unspecified vulnerability in IBM WebSphere Commerce 7.0.0.6 through 7.0.0.9 allows remote authenticated users to obtain sensitive personal information via unknown vectors. Vulnerabilidad no especificada en IBM WebSphere Commerce 7.0.0.6 hasta la versión 7.0.0.9, permite a usuarios remotos autenticados obtener información personal sensible a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR54107 http://www-01.ibm.com/support/docview.wss?uid=swg21965013 http://www.securitytracker.com/id/1033447 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-6211
https://notcve.org/view.php?id=CVE-2014-6211
The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 2 through 8, when debugging is configured, do not properly restrict the logging of personal data, which allows local users to obtain sensitive information by reading a log file. Las secuencias de comandos command-line en IBM WebSphere Commerce 6.0 hasta 6.0.0.11, 7.0 hasta 7.0.0.9, y 7.0 Feature Pack 2 hasta 8, cuando la depuración está configurada, no restringen correctamente el registro de datos personales, lo que permite a usuarios locales obtener información sensible mediante la lectura de un fichero de registros. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR52117 http://www-01.ibm.com/support/docview.wss?uid=swg1JR52983 http://www-01.ibm.com/support/docview.wss?uid=swg21883875 http://www.securitytracker.com/id/1032248 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •