CVE-2006-2430 — IBM Websphere Application Server vulnerability

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

2.1%

top 16.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedMay 17

Latest updateMay 1

Description

IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDibm/websphere_application_server13 versions+12

Patches

Patch: archives.neohapsis.com ↗Patch: secunia.com ↗Patch: www-1.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-rqph-mv69-45pw: IBM WebSphere Application Server 5↗2022-05-01

▶

CVEList

CVE-2006-2430: IBM WebSphere Application Server 5↗2006-05-17

▶