Information disclosure in Ibm Integration_bus

CVE-2014-4819

The web user interface in IBM WebSphere Message Broker 8.0 before 8.0.0.6 and IBM Integration Bus 9.0 before 9.0.0.3 allows remote authenticated users to obtain sensitive information by reading the error page.

Vulnerability class: Information Disclosure

EPSS: 0.003 (50.2th percentile) — read the EPSS interpretation.

Affected products

Ibm Integration_bus — versions 9.0, 9.0.0.1, 9.0.0.2
Ibm Websphere_message_broker — versions 8.0, 8.0.0.1, 8.0.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

ibm-websphere-cve20144819-info-disc(95456) (vdb-entry, x_refsource_XF)
psirt@us.ibm.com (x_refsource_CONFIRM, Vendor Advisory)
61356 (x_refsource_SECUNIA, third-party-advisory)
IT03097 (vendor-advisory, x_refsource_AIXAPAR)