Severity
Medium
Analysis Summary
CVE-2021-20517
IBM WebSphere Application Server Network Deployment could allow a remote authenticated attacker to traverse directories. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to read and delete arbitrary files on the system.
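To check whether requests of this shape have reached a server, the following added example (not code from Rewterz or IBM) scans HTTP access logs for URLs whose path contains a ".." segment, including percent-encoded and double-encoded forms. The common log format, the paths, and the user names in the sample are constructed assumptions, not WebSphere-specific values.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in common log format (not from any real system).
SAMPLE_LOG = """\
10.0.0.5 - alice [06/Jun/2021:10:01:02 +0000] "GET /app/reports/summary.pdf HTTP/1.1" 200 5120
10.0.0.9 - bob [06/Jun/2021:10:02:10 +0000] "GET /app/reports/../../conf/placeholder.xml HTTP/1.1" 200 812
10.0.0.9 - bob [06/Jun/2021:10:02:14 +0000] "DELETE /app/reports/%2e%2e/%2e%2e/conf/placeholder.xml HTTP/1.1" 200 0
10.0.0.9 - bob [06/Jun/2021:10:02:19 +0000] "GET /app/reports/%252e%252e%252fconf/placeholder.xml HTTP/1.1" 404 0
10.0.0.7 - - [06/Jun/2021:10:03:00 +0000] "GET /app/docs/v1..2/notes.txt HTTP/1.1" 200 99
"""

# client, ident, user, [timestamp], "METHOD URL PROTO", status, size
LINE_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')
# ".." counts only when it is a whole path segment, so "v1..2" is not flagged.
DOTDOT_SEGMENT = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')


def fully_decode(url, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url


def find_traversal_requests(log_text):
    """Return (client, user, method, raw_url, status) for requests with a '..' path segment."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        client, user, method, raw_url, status = m.groups()
        path = fully_decode(raw_url.split("?", 1)[0])  # path only, query dropped
        if DOTDOT_SEGMENT.search(path):
            hits.append((client, user, method, raw_url, int(status)))
    return hits


if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        print(hit)
```

Hits with a 2xx status on GET or DELETE from an authenticated user are the ones to review first, since the advisory describes both file read and file deletion.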
Impact
- Unauthorized Access
- Information Theft
- Data Loss
Affected Vendors
IBM
Affected Products
- WebSphere Application Server ND 9.0
- WebSphere Application Server ND 8.5
Remediation
Refer to the IBM Security Bulletin for patch, upgrade, or suggested workaround information.