5
CVE-2010-2639
- EPSS 1.24%
- Veröffentlicht 06.12.2010 20:12:58
- Zuletzt bearbeitet 16.06.2026 23:21:07
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTimeProfileCacheCmdImpl class, related to the caching of mutable objects and "concurrency issues."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Websphere Commerce Version7.0 Editionenterprise
Ibm ≫ Websphere Commerce Version7.0.0.1 Editionenterprise
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.24% | 0.653 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://www-01.ibm.com/support/docview.wss?uid=swg24028397
http://www-1.ibm.com/support/docview.wss?uid=swg1JR38114
http://www.securitytracker.com/id?1024845
https://exchange.xforce.ibmcloud.com/vulnerabilities/63406