CVE-2006-4136

IBM WebSphere Application Server < 6.1.0.1 - Exposure of Sensitive Information via SOAP Requests and MBean

Title source: llm
STIX 2.1

Description

Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others.

References (7)

Core 7
Core References
Patch vendor-advisory x_refsource_aixapar
http://www-1.ibm.com/support/search.wss?rs=0&q=PK25199&apar=only
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3262
Patch vendor-advisory x_refsource_aixapar
http://www-1.ibm.com/support/search.wss?rs=0&q=PK24334&apar=only
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19463
Patch vendor-advisory x_refsource_aixapar
http://www-1.ibm.com/support/search.wss?rs=0&q=PK26498&apar=only
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21440

Scores

EPSS 0.0148
EPSS Percentile 70.9%

Details

CWE
CWE-200 CWE-264
Status published
Products (16)
ibm/websphere_application_server 6.0
ibm/websphere_application_server 6.0.0.1
ibm/websphere_application_server 6.0.0.2
ibm/websphere_application_server 6.0.0.3
ibm/websphere_application_server 6.0.1
ibm/websphere_application_server 6.0.1.2
ibm/websphere_application_server 6.0.2
ibm/websphere_application_server 6.0.2.1
ibm/websphere_application_server 6.0.2.2
ibm/websphere_application_server 6.0.2.3
... and 6 more
Published Aug 14, 2006
Tracked Since Feb 18, 2026