CVE-2020-5016: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the sys
medium vulnerability
security
Summary
IBM WebSphere Application Server versions 7.0, 8.0, 8.5, and 9.0 contain a path traversal vulnerability (CWE-22, a type of security flaw where an attacker can access files outside the intended directory) that allows remote attackers to view arbitrary XML files when application security is disabled and JAX-RPC applications are present. An attacker exploits this by sending specially crafted URLs containing "dot dot" sequences (/../) to navigate the file system. The vulnerability does not occur if application security is enabled.
Vulnerability Details
CVSS Score
6.5 (medium)
EPSS (30-day exploit probability)
EPSS: 0.2%
Classification
Attack Sophistication: Trivial
Original source: https://nvd.nist.gov/vuln/detail/CVE-2020-5016
First tracked: February 15, 2026 at 08:43 PM
Classified by LLM (prompt v3) · confidence: 95%