CVE-2020-6950

medium

Description

Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.

References

https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741

https://github.com/eclipse-ee4j/mojarra/issues/4571

https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943

https://www.oracle.com/security-alerts/cpuoct2021.html

Details

Source: MITRE

Published: 2021-06-02

Updated: 2021-10-20

Type: CWE-22

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:eclipse:mojarra:*:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 141318 | FreeBSD : Payara -- path trasversal flaw via either loc/con parameters in Eclipse Mojarra (b07bdd3c-0809-11eb-a3a4-0019dbb15b3f) | Nessus | FreeBSD Local Security Checks | medium |
| 140397 | RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 6 (RHSA-2020:3637) | Nessus | Red Hat Local Security Checks | critical |
| 140392 | RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 (RHSA-2020:3639) | Nessus | Red Hat Local Security Checks | critical |
| 140390 | RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 (RHSA-2020:3638) | Nessus | Red Hat Local Security Checks | critical |
| 137334 | RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.1 Security update (Important) (RHSA-2020:2513) | Nessus | Red Hat Local Security Checks | critical |
| 137333 | RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.3.1 Security update (Important) (RHSA-2020:2512) | Nessus | Red Hat Local Security Checks | critical |
| 137331 | RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.1 Security update (Important) (RHSA-2020:2511) | Nessus | Red Hat Local Security Checks | critical |
| 132961 | Oracle WebLogic Server Multiple Vulnerabilities (Jan 2020 CPU) | Nessus | Misc. | critical |