Security Bulletin: Security vulnerability is identified in the WebSphere Application Server where Rational Asset Manager is deployed (CVE-2020-5016)

2021-03-2412:36:19

www.ibm.com

websphere application server

rational asset manager

security vulnerability

directory traversal

EPSS

0.002

Percentile

51.9%

JSON

Summary

In the WebSphere Application Server Admin console, where the Rational Asset Manager is deployed, vulnerabilities allowing a remote attacker to traverse directories on the system is observed. Information about this security vulnerability affecting WebSphere Application Server is published in the respective security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

IBM Rational Asset Manager 7.5.1, 7.5.2.x, 7.5.3.x, and 7.5.4.x.

NOTE: Rational Asset Manager 7.5.2 and later versions does not support embedded WebSphere Application Server.

Refer to the following security bulletin for vulnerability details and information about fixes addressed by IBM WebSphere Application Server (WAS).

Affected Supporting Product	Affected Supporting Product Security Bulletin
IBM WebSphere Application Server Version 7.0, 8.0, 8.5, and 9.0.	Security Bulletin: WebSphere Application Server is vulnerable to a Directory Traversal vulnerability (CVE-2020-5016)

Remediation/Fixes

None.

Workarounds and Mitigations