IBM Support

JR53970 - Security APAR CVE-2015-5015: Potential Information Disclosure vulnerability could expose user personal data

Downloadable files


Abstract

Security APAR CVE-2015-5015: Potential Information Disclosure vulnerability could expose user personal data

Download Description

An unauthenticated remote attacker, using a specially crafted URL, could exploit a security vulnerability in WebSphere Commerce to expose user personal data through REST services.

Prerequisites

Install the latest WebSphere Commerce Update Installer.
Note: This Interim Fix can be applied by using the Roll Out Update process.

URL LANGUAGE SIZE(Bytes)
WebSphere Commerce Update Installer English 1

Download package

Download RELEASE DATE LANGUAGE SIZE(Bytes) Download Options
What is Fix Central(FC)?
8.0.0.0-WS-WC70FeaturePack8Server-IFJR53970 21 Oct 2015 English 24888626 FC
8.0.0.0-WS-WC70FeaturePack8Developer-IFJR53970 21 Oct 2015 English 24699342 FC

Problems (APARS) fixed
JR53970

Document information

More support for: WebSphere Commerce Enterprise

Software version: 7.0.0.9

Operating system(s): AIX, IBM i, Linux, Solaris, Windows

Software edition: All Editions

Reference #: 4041027

Modified date: 28 April 2017