CVE-2014-6211 Information

Description

The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.11 7.0 through 7.0.0.9 and 7.0 Feature Pack 2 through 8 when debugging is configured do not properly restrict the logging of personal data which allows local users to obtain sensitive information by reading a log file.

Reference

http://www.securitytracker.com/id/1032248 http://www-01.ibm.com/support/docview.wss?uid=swg1JR52117 http://www-01.ibm.com/support/docview.wss?uid=swg1JR52983 http://www-01.ibm.com/support/docview.wss?uid=swg21883875