Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.
References
Link | Resource |
---|---|
https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943 | Issue Tracking Vendor Advisory |
https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741 | Patch Third Party Advisory |
https://github.com/eclipse-ee4j/mojarra/issues/4571 | Issue Tracking Third Party Advisory |
https://www.oracle.com/security-alerts/cpuapr2022.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpujan2022.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpuoct2021.html | Patch Third Party Advisory |
History
12 May 2022, 14:06
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:hyperion_calculation_manager:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:solaris_cluster:4.0:*:*:*:*:*:*:* |
20 Apr 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Mar 2022, 18:22
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:time_and_labor:*:*:*:*:*:*:*:* |
07 Feb 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Dec 2021, 19:36
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:* |
|
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory |
20 Oct 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Aug 2021, 12:41
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : 4.3 v3 : 6.5 |
References | (MISC) https://github.com/eclipse-ee4j/mojarra/issues/4571 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741 - Patch, Third Party Advisory |
09 Jun 2021, 19:19
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : 5.0 v3 : 7.5 |
References | (MISC) https://github.com/eclipse-ee4j/mojarra/issues/4571 - Third Party Advisory | |
References | (MISC) https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943 - Issue Tracking, Vendor Advisory | |
References | (MISC) https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741 - Third Party Advisory | |
CPE | cpe:2.3:a:eclipse:mojarra:*:*:*:*:*:*:*:* | |
CWE | CWE-22 |
02 Jun 2021, 16:28
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-06-02 16:15
Updated : 2024-02-04 21:47
NVD link : CVE-2020-6950
Mitre link : CVE-2020-6950
CVE.ORG link : CVE-2020-6950
Products Affected
oracle
- communications_network_integrity
- banking_platform
- time_and_labor
- solaris_cluster
- hyperion_calculation_manager
- retail_merchandising_system
- banking_enterprise_default_management
- communications_pricing_design_center
eclipse
- mojarra
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')