IBM · IBM WebSphere Host On-Demand · CVE-2006-6537
**Name of the Vulnerable Software and Affected Versions**
IBM WebSphere Host On-Demand versions 6.0 through 10.0
**Description**
The issue allows remote attackers to bypass authentication by modifying the `pnl` parameter. It is related to the `hod/HODAdmin.html` and `hod/frameset.html` endpoints.
**Recommendations**
For IBM WebSphere Host On-Demand versions 6.0 through 10.0, consider restricting access to the `hod/HODAdmin.html` and `hod/frameset.html` endpoints until a patch is available. As a temporary workaround, avoid use of a modified `pnl` parameter on these endpoints to minimize the risk of exploitation.
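To check whether the restriction recommended above is holding, the following added example (not part of the original advisory and not IBM code) reviews web access logs for requests to the two endpoints from outside a management network and notes whether a `pnl` parameter was supplied. The common/combined log format, the `ADMIN_NETS` range, the sample lines and the presence of `pnl` in the query string are all assumptions.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Endpoints named in the advisory; compared lowercase after path normalisation.
WATCHED = ("/hod/hodadmin.html", "/hod/frameset.html")
# Assumption: administrators connect only from these networks.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Common/combined access-log prefix: client, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)[^"]*" \d{3}')
# "pnl=" as a parameter name, whatever separator precedes it.
PNL_RE = re.compile(r"(?<![A-Za-z0-9_])pnl=", re.IGNORECASE)


def classify(line):
    """Return (client, path, reason) for a request worth reviewing, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    parts = urlsplit(target)
    # Decode and collapse duplicate slashes so encoded variants still match.
    path = re.sub(r"/+", "/", unquote(parts.path)).lower()
    if not path.endswith(WATCHED):
        return None
    try:
        addr = ipaddress.ip_address(client)
        outside = not any(addr in net for net in ADMIN_NETS)
    except ValueError:
        outside = True  # hostname or junk in the client field: review it
    if not outside:
        return None
    has_pnl = bool(PNL_RE.search(unquote(parts.query)))
    reason = "pnl supplied from outside" if has_pnl else "admin page reached from outside"
    return (client, path, reason)


# Constructed sample lines; addresses and the pnl value are placeholders.
SAMPLE_LOG = [
    '10.20.0.7 - - [01/Jan/2007:10:00:00 +0000] "GET /hod/HODAdmin.html HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2007:10:01:00 +0000] "GET /hod/frameset.html?pnl=PLACEHOLDER HTTP/1.1" 200 900',
    '192.0.2.44 - - [01/Jan/2007:10:02:00 +0000] "GET /hod//%66rameset.html HTTP/1.1" 200 900',
    '192.0.2.9 - - [01/Jan/2007:10:03:00 +0000] "GET /index.html?pnl=x HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in filter(None, map(classify, SAMPLE_LOG)):
        print(*hit, sep="\t")
```

Any hit after the access restriction is in place means the endpoints are still reachable from outside the management network and the restriction should be rechecked.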