The Configservice APIs in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5, when tracing is enabled, allow remote attackers to obtain sensitive information via unspecified use of the wsadmin scripting tool.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| Hyperlink | Source | Resource |
|---|---|---|
| http://secunia.com/advisories/35301 | cve@mitre.org | Vendor Advisory |
| http://www-01.ibm.com/support/docview.wss?uid=swg27006876 | cve@mitre.org | Patch Vendor Advisory |
| http://www-01.ibm.com/support/docview.wss?uid=swg27007951 | cve@mitre.org | N/A |
| http://www-01.ibm.com/support/docview.wss?uid=swg27014463 | cve@mitre.org | N/A |
| http://www-1.ibm.com/support/docview.wss?uid=swg1PK84999 | cve@mitre.org | N/A |
| http://www.securityfocus.com/bid/35405 | cve@mitre.org | N/A |
| http://www.vupen.com/english/advisories/2009/1464 | cve@mitre.org | Patch Vendor Advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/51171 | cve@mitre.org | N/A |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/52077 | cve@mitre.org | N/A |