CVE-2020-5410
VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability
CVSS
—
No CVSS
EPSS
95.6%
p100
KEV
YES
Mar 25, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
95.6%EPSS · 30 days95.6%
2026-06-302026-07-16
Product
VMware Tanzu / Spring Cloud Configuration (Config) Server
Vulnerability
VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability
Added to KEV
Mar 25, 2022
Remediate by
Apr 15, 2022
Known ransomware use
No
Summary description
Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-5410
No related CVEs by CWE or product.