CVE-2020-6950
CVE-2020-6950
Vexday Risk Score
23Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 10.1%KEV nãoPoC —Nuclei simMetasploit —Patch —
Lifecycle
02 Jun 2021Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.
Affected products
n/a · n/aReferences
https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741https://github.com/eclipse-ee4j/mojarra/issues/4571https://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpujan2022.htmlhttps://www.oracle.com/security-alerts/cpuoct2021.html