OWASP Top Ten Project 2013 No 6 – Sensitive Data Exposure
Sensitive File Content Certain files in the Intershop Commerce Management installation contain sensitive information like database passwords or an encryption pass phrase. Unfortunately, sensitive information in files cannot be completely avoided. For ICM sensitive data is stored in: <eserver>/share/system/config/cluster/ orm.properties