Directory Traversal Vulnerability in IBM WebSphere Application Server
CVE-2021-20517

6.4MEDIUM

Key Information:

Vendor: IBM
Status: Websphere Application Server Nd
Vendor: CVE Published:; 7 June 2021

Summary

IBM WebSphere Application Server Network Deployment versions 8.5 and 9.0 are susceptible to a directory traversal vulnerability that could be exploited by a remote authenticated attacker. By crafting a malicious URL request containing 'dot dot' sequences (/../), an attacker may gain unauthorized access to read or delete arbitrary files on the server. This vulnerability poses a significant risk to the integrity of the system and the confidentiality of the data it manages. To prevent potential attacks, system administrators should apply relevant security patches and ensure that their configurations are properly secured.

Affected Version(s)

WebSphere Application Server ND 8.5

WebSphere Application Server ND 9.0

References

https://www.ibm.com/support/pages/node/6456955

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/198435

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 7, 2021
Vulnerability Reserved
Dec 17, 2020