Directory Traversal Vulnerability in IBM WebSphere Application Server
CVE-2021-20517

6.4 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 7 June 2021

Summary

IBM WebSphere Application Server Network Deployment versions 8.5 and 9.0 are susceptible to a directory traversal vulnerability that could be exploited by a remote authenticated attacker. By crafting a malicious URL request containing 'dot dot' sequences (/../), an attacker may gain unauthorized access to read or delete arbitrary files on the server. This vulnerability poses a significant risk to the integrity of the system and the confidentiality of the data it manages. To prevent potential attacks, system administrators should apply relevant security patches and ensure that their configurations are properly secured.

Affected Version(s)

WebSphere Application Server ND 8.5

WebSphere Application Server ND 9.0

CVSS V3.1

Score: 6.4
Severity: MEDIUM
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
