CVE-2020-6950

Опубликовано: 02 июн. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Средний

Описание

Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.

Ссылки

https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943
Issue Tracking
Vendor Advisory
https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741
Patch
Third Party Advisory
https://github.com/eclipse-ee4j/mojarra/issues/4571
Issue Tracking
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch
Third Party Advisory
https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943
Issue Tracking
Vendor Advisory
https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741
Patch
Third Party Advisory
https://github.com/eclipse-ee4j/mojarra/issues/4571
Issue Tracking
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eclipse:mojarra:*:*:*:*:*:*:*:*

Версия до 2.3.14 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:hyperion_calculation_manager:*:*:*:*:*:*:*:*

Версия до 11.2.8.0 (исключая)

cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:solaris_cluster:4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:time_and_labor:*:*:*:*:*:*:*:*

Версия от 12.2.6 (включая) до 12.2.11 (включая)

EPSS

Процентиль: 98%

0.57917

Средний

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

CVE-2020-6950

CVSS3: 6.5

ubuntu

больше 4 лет назад

Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.

CVE-2020-6950

CVSS3: 6.5

redhat

почти 6 лет назад

Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.

CVE-2020-6950

CVSS3: 6.5

debian

больше 4 лет назад

Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers ...

GHSA-rpq8-mmwh-q9hm

CVSS3: 7.5

github

больше 4 лет назад

Directory traversal in Eclipse Mojarra

BDU:2020-00232

CVSS3: 7.5

fstec

около 6 лет назад

Уязвимость компонента Web Container (JavaServer Faces) сервера приложений Oracle WebLogic Server, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 98%

0.57917

Средний

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-22