vulnerability
IBM WebSphere Application Server: CVE-2020-5016: WebSphere Application Server is vulnerable to a Directory Traversal vulnerability (CVE-2020-5016)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:S/C:P/I:N/A:N) | Mar 10, 2021 | Jul 2, 2021 | Aug 11, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:S/C:P/I:N/A:N)
Published
Mar 10, 2021
Added
Jul 2, 2021
Modified
Aug 11, 2025
Description
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. When application security is disabled and JAX-RPC applications are present, an attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary xml files on the system. This does not occur if Application security is enabled. IBM X-Force ID: 193556.
Solutions
ibm-was-install-7-0-0-0-ph33037ibm-was-install-8-0-0-0-ph33037ibm-was-install-8-5-0-0-ph33037ibm-was-install-9-0-0-0-ph33037ibm-was-upgrade-8-5-0-0-8-5-5-20ibm-was-upgrade-9-0-0-0-9-0-5-7
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.