Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-6950

CWE-22: Path Traversal | 14 documents | 9 sources
Severity
6.5 MEDIUM
EPSS
51.7%
top 2.10%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Jun 2
Latest update: Apr 15

Description

Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (11 packages)

NVD | eclipse/mojarra | < 2.3.14
CVEListV5 | sailpoint/identityiq | 8.1 8.1p7 +3
NVD | oracle/time_and_labor | 12.2.6 12.2.11

Patches

🔴 Vulnerability Details (3)

GHSA
Directory traversal in Eclipse Mojarra | 2021-09-01
OSV
Directory traversal in Eclipse Mojarra | 2021-09-01
CVEList
CVE-2020-6950: Directory traversal in Eclipse Mojarra before 2 | 2021-06-02

💥 Exploits & PoCs (1)

Nuclei
Eclipse Mojarra - Local File Read

📋 Vendor Advisories (8)

Oracle
Oracle Oracle Fusion Middleware Risk Matrix: Third Party (Eclipse Mojarra) — CVE-2020-6950 | 2023-04-15
Oracle
Oracle Oracle Communications Risk Matrix: Platform (Eclipse Mojarra) — CVE-2020-6950 | 2022-10-15
Oracle
Oracle Oracle Communications Applications Risk Matrix: Installer (Eclipse Mojarra) — CVE-2020-6950 | 2022-04-15
Oracle
Oracle Oracle E-Business Suite Risk Matrix: Timecard (Eclipse Mojarra) — CVE-2020-6950 | 2022-01-15
Oracle
Oracle Oracle Communications Applications Risk Matrix: Services Manager (Eclipse Mojarra) — CVE-2020-6950 | 2021-10-15

💬 Community (1)

Bugzilla
CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 | 2020-02-20