CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20517
https://notcve.org/view.php?id=CVE-2021-20517
IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could allow a remote authenticated attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to read and delete arbitrary files on the system. IBM X-Force ID: 198435. IBM WebSphere Application Server Network Deployment versiones 8.5 y 9.0, podría permitir a un atacante remoto autenticado saltar directorios. Un atacante podría enviar una petición de URL especialmente diseñada conteniendo secuencias de "dot dot" (/../) para leer y eliminar archivos arbitrarios en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/198435 https://www.ibm.com/support/pages/node/6456955 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •