CVE-2020-6950

high-risk

Published 2021-06-02

Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.

Do I need to act?

51.7% chance of exploitation in next 30 days

EPSS score — higher than 48% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Mojarra

Banking Enterprise Default Management

Banking Platform

Communications Network Integrity

Communications Pricing Design Center

Hyperion Calculation Manager

Retail Merchandising System

Solaris Cluster

Time And Labor

Oracle Eclipse

Issue Tracking https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943

Patch https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb937...

Issue Tracking https://github.com/eclipse-ee4j/mojarra/issues/4571

Patch https://www.oracle.com/security-alerts/cpuapr2022.html

Patch https://www.oracle.com/security-alerts/cpujan2022.html

Patch https://www.oracle.com/security-alerts/cpuoct2021.html

Issue Tracking https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943

Patch https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb937...

Issue Tracking https://github.com/eclipse-ee4j/mojarra/issues/4571

Patch https://www.oracle.com/security-alerts/cpuapr2022.html

Patch https://www.oracle.com/security-alerts/cpujan2022.html

Patch https://www.oracle.com/security-alerts/cpuoct2021.html

/ 100

high-risk

Severity 24/34 · High

Exploitability 18/34 · Moderate

Exposure 17/34 · Moderate