cbcvebase.
CVE-2020-6950
published 2021-06-02

CVE-2020-6950: Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.

medium6.5CVSS 3.1
AVNACLPRNUIRSUCHINAN
EXPLOIT
Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.

Affected

24 ranges
VendorProductVersion rangeFixed in
debianmojarra
eclipsemojarra< 2.3.142.3.14
oraclebanking_enterprise_default_management
oraclebanking_enterprise_default_management
oraclebanking_platform
oraclebanking_platform
oraclebanking_platform
oraclebanking_platform
oraclecommunications_network_integrity
oraclecommunications_pricing_design_center
oraclehyperion_calculation_manager< 11.2.8.011.2.8.0
oracleretail_merchandising_system
oraclesolaris_cluster
oracletime_and_labor12.2.6 – 12.2.11
sailpointidentityiq< 8.18.1
sailpointidentityiq
sailpointidentityiq
sailpointidentityiq
sailpointidentityiq
sailpointidentityiq
sailpointidentityiq>= 8.1 < 8.1p78.1p7
sailpointidentityiq>= 8.2 < 8.2p78.2p7
sailpointidentityiq>= 8.3 < 8.3p48.3p4
sailpointidentityiq>= 8.4 < 8.4p18.4p1