1. CVE-Search
  2. CVE-2006-2430
ID CVE-2006-2430
Summary IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges.
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:websphere_application_server:5.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:5.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:5.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:5.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:5.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:5.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:6.0.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:6.0.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:6.0.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 08-03-2011 - 02:36)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
aixapar
  • PK16492
  • PK22416
bugtraq 20060509 IBM Websphere Application Server Multiple Vulnerabilities
confirm
osvdb 25372
secunia 20032
sreason 910
vupen ADV-2006-1736
Last major update 08-03-2011 - 02:36
Published 17-05-2006 - 10:06
Last modified 08-03-2011 - 02:36
Back to Top