Unrated severityNVD Advisory· Published May 17, 2006· Updated Jun 16, 2026

CVE-2006-2436

Description

WebSphere Application Server 5.0.2 (or any earlier cumulative fix) stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

IBM/Websphere Application Server4 versions
cpe:2.3:a:ibm:websphere_application_server:5.0.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:ibm:websphere_application_server:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_application_server:5.0.2:*:*:*:*:*:*:*
- (no CPE)range: <=5.0.2

Patches

Vulnerability mechanics

References

archives.neohapsis.com/archives/bugtraq/2006-05/0175.htmlnvdPatch
secunia.com/advisories/20032nvdPatchVendor Advisory
www-1.ibm.com/support/docview.wssnvdPatch
www-1.ibm.com/support/search.wssnvdPatch
securityreason.com/securityalert/910nvd
www.vupen.com/english/advisories/2006/1736nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000