CVE-2006-2436 — IBM Websphere Application Server vulnerability

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 26.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedMay 17

Latest updateMay 1

Description

WebSphere Application Server 5.0.2 (or any earlier cumulative fix) stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDibm/websphere_application_server5.0.0, 5.0.1, 5.0.2+2

Patches

Patch: archives.neohapsis.com ↗Patch: secunia.com ↗Patch: www-1.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-v9vw-jj54-2r8v: WebSphere Application Server 5↗2022-05-01

▶

CVEList

CVE-2006-2436: WebSphere Application Server 5↗2006-05-17

▶