CVE-2006-6136 — IBM Websphere Application Server vulnerability

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

1.2%

top 20.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedNov 28

Latest updateMay 1

Description

IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) does not perform EAL4 authentication checks at the proper time during "registering of response operation," which has unknown impact and attack vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDibm/websphere_application_server6.1.0

Patches

Patch: www-1.ibm.com ↗Patch: www-1.ibm.com ↗Patch: www-1.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-rvfg-pj6j-pv7g: IBM WebSphere Application Server 6↗2022-05-01

▶

CVEList

CVE-2006-6136: IBM WebSphere Application Server 6↗2006-11-28

▶