Vulnerability Details CVE-2020-6950
Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.576
EPSS Ranking 98.1%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943
- https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741
- https://github.com/eclipse-ee4j/mojarra/issues/4571
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943
- https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741
- https://github.com/eclipse-ee4j/mojarra/issues/4571
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
Products affected by CVE-2020-6950
-
cpe:2.3:a:eclipse:mojarra:1.2-20
-
cpe:2.3:a:eclipse:mojarra:2.0.10
-
cpe:2.3:a:eclipse:mojarra:2.0.11
-
cpe:2.3:a:eclipse:mojarra:2.0.11-01
-
cpe:2.3:a:eclipse:mojarra:2.0.11-02
-
cpe:2.3:a:eclipse:mojarra:2.0.11-03
-
cpe:2.3:a:eclipse:mojarra:2.0.11-04
-
cpe:2.3:a:eclipse:mojarra:2.0.4
-
cpe:2.3:a:eclipse:mojarra:2.0.4-15
-
cpe:2.3:a:eclipse:mojarra:2.0.6
-
cpe:2.3:a:eclipse:mojarra:2.0.7
-
cpe:2.3:a:eclipse:mojarra:2.0.8
-
cpe:2.3:a:eclipse:mojarra:2.0.9
-
cpe:2.3:a:eclipse:mojarra:2.0.9-01
-
cpe:2.3:a:eclipse:mojarra:2.0.9-02
-
cpe:2.3:a:eclipse:mojarra:2.0.9-03
-
cpe:2.3:a:eclipse:mojarra:2.0.9-04
-
cpe:2.3:a:eclipse:mojarra:2.0.9-05
-
cpe:2.3:a:eclipse:mojarra:2.0.9-07
-
cpe:2.3:a:eclipse:mojarra:2.0.9-08
-
cpe:2.3:a:eclipse:mojarra:2.1.10
-
cpe:2.3:a:eclipse:mojarra:2.1.11
-
cpe:2.3:a:eclipse:mojarra:2.1.12
-
cpe:2.3:a:eclipse:mojarra:2.1.13
-
cpe:2.3:a:eclipse:mojarra:2.1.14
-
cpe:2.3:a:eclipse:mojarra:2.1.15
-
cpe:2.3:a:eclipse:mojarra:2.1.16
-
cpe:2.3:a:eclipse:mojarra:2.1.17
-
cpe:2.3:a:eclipse:mojarra:2.1.18
-
cpe:2.3:a:eclipse:mojarra:2.1.19
-
cpe:2.3:a:eclipse:mojarra:2.1.2
-
cpe:2.3:a:eclipse:mojarra:2.1.20
-
cpe:2.3:a:eclipse:mojarra:2.1.20-02
-
cpe:2.3:a:eclipse:mojarra:2.1.20-03
-
cpe:2.3:a:eclipse:mojarra:2.1.20-04
-
cpe:2.3:a:eclipse:mojarra:2.1.20-05
-
cpe:2.3:a:eclipse:mojarra:2.1.20-06
-
cpe:2.3:a:eclipse:mojarra:2.1.20-07
-
cpe:2.3:a:eclipse:mojarra:2.1.20-08
-
cpe:2.3:a:eclipse:mojarra:2.1.20-09
-
cpe:2.3:a:eclipse:mojarra:2.1.20-10
-
cpe:2.3:a:eclipse:mojarra:2.1.20-11
-
cpe:2.3:a:eclipse:mojarra:2.1.20-12
-
cpe:2.3:a:eclipse:mojarra:2.1.20-13
-
cpe:2.3:a:eclipse:mojarra:2.1.20-14
-
cpe:2.3:a:eclipse:mojarra:2.1.20-15
-
cpe:2.3:a:eclipse:mojarra:2.1.20-16
-
cpe:2.3:a:eclipse:mojarra:2.1.21
-
cpe:2.3:a:eclipse:mojarra:2.1.22
-
cpe:2.3:a:eclipse:mojarra:2.1.23
-
cpe:2.3:a:eclipse:mojarra:2.1.24
-
cpe:2.3:a:eclipse:mojarra:2.1.25
-
cpe:2.3:a:eclipse:mojarra:2.1.26
-
cpe:2.3:a:eclipse:mojarra:2.1.27
-
cpe:2.3:a:eclipse:mojarra:2.1.28
-
cpe:2.3:a:eclipse:mojarra:2.1.29
-
cpe:2.3:a:eclipse:mojarra:2.1.29-01
-
cpe:2.3:a:eclipse:mojarra:2.1.29-02
-
cpe:2.3:a:eclipse:mojarra:2.1.29-03
-
cpe:2.3:a:eclipse:mojarra:2.1.29-04
-
cpe:2.3:a:eclipse:mojarra:2.1.29-05
-
cpe:2.3:a:eclipse:mojarra:2.1.29-06
-
cpe:2.3:a:eclipse:mojarra:2.1.29-07
-
cpe:2.3:a:eclipse:mojarra:2.1.29-08
-
cpe:2.3:a:eclipse:mojarra:2.1.29-09
-
cpe:2.3:a:eclipse:mojarra:2.1.29-10
-
cpe:2.3:a:eclipse:mojarra:2.1.29-11
-
cpe:2.3:a:eclipse:mojarra:2.1.3
-
cpe:2.3:a:eclipse:mojarra:2.1.4
-
cpe:2.3:a:eclipse:mojarra:2.1.5-01
-
cpe:2.3:a:eclipse:mojarra:2.1.5-02
-
cpe:2.3:a:eclipse:mojarra:2.1.5-03
-
cpe:2.3:a:eclipse:mojarra:2.1.5-04
-
cpe:2.3:a:eclipse:mojarra:2.1.6
-
cpe:2.3:a:eclipse:mojarra:2.1.7
-
cpe:2.3:a:eclipse:mojarra:2.1.7-01
-
cpe:2.3:a:eclipse:mojarra:2.1.7-02
-
cpe:2.3:a:eclipse:mojarra:2.1.7-03
-
cpe:2.3:a:eclipse:mojarra:2.1.7-04
-
cpe:2.3:a:eclipse:mojarra:2.1.7-05
-
cpe:2.3:a:eclipse:mojarra:2.1.7-06
-
cpe:2.3:a:eclipse:mojarra:2.1.7-07
-
cpe:2.3:a:eclipse:mojarra:2.1.7-08
-
cpe:2.3:a:eclipse:mojarra:2.1.7-09
-
cpe:2.3:a:eclipse:mojarra:2.1.7-10
-
cpe:2.3:a:eclipse:mojarra:2.1.8
-
cpe:2.3:a:eclipse:mojarra:2.1.9
-
cpe:2.3:a:eclipse:mojarra:2.2.0
-
cpe:2.3:a:eclipse:mojarra:2.2.1
-
cpe:2.3:a:eclipse:mojarra:2.2.10
-
cpe:2.3:a:eclipse:mojarra:2.2.11
-
cpe:2.3:a:eclipse:mojarra:2.2.12
-
cpe:2.3:a:eclipse:mojarra:2.2.13
-
cpe:2.3:a:eclipse:mojarra:2.2.14
-
cpe:2.3:a:eclipse:mojarra:2.2.15
-
cpe:2.3:a:eclipse:mojarra:2.2.16
-
cpe:2.3:a:eclipse:mojarra:2.2.17
-
cpe:2.3:a:eclipse:mojarra:2.2.18
-
cpe:2.3:a:eclipse:mojarra:2.2.2
-
cpe:2.3:a:eclipse:mojarra:2.2.3
-
cpe:2.3:a:eclipse:mojarra:2.2.4
-
cpe:2.3:a:eclipse:mojarra:2.2.5
-
cpe:2.3:a:eclipse:mojarra:2.2.6
-
cpe:2.3:a:eclipse:mojarra:2.2.7
-
cpe:2.3:a:eclipse:mojarra:2.2.8
-
cpe:2.3:a:eclipse:mojarra:2.2.8-01
-
cpe:2.3:a:eclipse:mojarra:2.2.8-02
-
cpe:2.3:a:eclipse:mojarra:2.2.8-03
-
cpe:2.3:a:eclipse:mojarra:2.2.8-04
-
cpe:2.3:a:eclipse:mojarra:2.2.8-05
-
cpe:2.3:a:eclipse:mojarra:2.2.8-06
-
cpe:2.3:a:eclipse:mojarra:2.2.8-07
-
cpe:2.3:a:eclipse:mojarra:2.2.8-08
-
cpe:2.3:a:eclipse:mojarra:2.2.8-09
-
cpe:2.3:a:eclipse:mojarra:2.2.8-10
-
cpe:2.3:a:eclipse:mojarra:2.2.8-11
-
cpe:2.3:a:eclipse:mojarra:2.2.8-12
-
cpe:2.3:a:eclipse:mojarra:2.2.8-13
-
cpe:2.3:a:eclipse:mojarra:2.2.8-14
-
cpe:2.3:a:eclipse:mojarra:2.2.8-15
-
cpe:2.3:a:eclipse:mojarra:2.2.8-16
-
cpe:2.3:a:eclipse:mojarra:2.2.8-17
-
cpe:2.3:a:eclipse:mojarra:2.2.8-18
-
cpe:2.3:a:eclipse:mojarra:2.2.8-19
-
cpe:2.3:a:eclipse:mojarra:2.2.8-22
-
cpe:2.3:a:eclipse:mojarra:2.2.8-23
-
cpe:2.3:a:eclipse:mojarra:2.2.8-24
-
cpe:2.3:a:eclipse:mojarra:2.2.8-25
-
cpe:2.3:a:eclipse:mojarra:2.2.8-26
-
cpe:2.3:a:eclipse:mojarra:2.2.8-27
-
cpe:2.3:a:eclipse:mojarra:2.2.8-28
-
cpe:2.3:a:eclipse:mojarra:2.2.8-29
-
cpe:2.3:a:eclipse:mojarra:2.2.8-30
-
cpe:2.3:a:eclipse:mojarra:2.2.9
-
cpe:2.3:a:eclipse:mojarra:2.3.0
-
cpe:2.3:a:eclipse:mojarra:2.3.1
-
cpe:2.3:a:eclipse:mojarra:2.3.10
-
cpe:2.3:a:eclipse:mojarra:2.3.11
-
cpe:2.3:a:eclipse:mojarra:2.3.12
-
cpe:2.3:a:eclipse:mojarra:2.3.13
-
cpe:2.3:a:eclipse:mojarra:2.3.2
-
cpe:2.3:a:eclipse:mojarra:2.3.3
-
cpe:2.3:a:eclipse:mojarra:2.3.3.99
-
cpe:2.3:a:eclipse:mojarra:2.3.4
-
cpe:2.3:a:eclipse:mojarra:2.3.5
-
cpe:2.3:a:eclipse:mojarra:2.3.6
-
cpe:2.3:a:eclipse:mojarra:2.3.7
-
cpe:2.3:a:eclipse:mojarra:2.3.8
-
cpe:2.3:a:eclipse:mojarra:2.3.9
-
cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0
-
cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0
-
cpe:2.3:a:oracle:banking_platform:2.12.0
-
cpe:2.3:a:oracle:banking_platform:2.6.2
-
cpe:2.3:a:oracle:banking_platform:2.7.1
-
cpe:2.3:a:oracle:banking_platform:2.9.0
-
cpe:2.3:a:oracle:communications_network_integrity:7.3.6
-
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0
-
cpe:2.3:a:oracle:hyperion_calculation_manager:*
-
cpe:2.3:a:oracle:retail_merchandising_system:19.0.1
-
cpe:2.3:a:oracle:solaris_cluster:4.0
-
cpe:2.3:a:oracle:time_and_labor:12.2.11
-
cpe:2.3:a:oracle:time_and_labor:12.2.6