{"id":"CVE-2020-6950","details":"Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.","aliases":["GHSA-rpq8-mmwh-q9hm"],"modified":"2026-05-15T12:03:45.470903640Z","published":"2021-06-02T16:15:08.357Z","database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"2.10.0"},{"last_affected":"2.12.0"}],"vendor_product":"oracle:banking_enterprise_default_management","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"2.6.2"},{"last_affected":"2.7.1"},{"last_affected":"2.9.0"},{"last_affected":"2.12.0"}],"cpes":["cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*","cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*","cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*","cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*"],"vendor_product":"oracle:banking_platform","source":"CPE_FIELD"},{"cpes":["cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"7.3.6"}],"vendor_product":"oracle:communications_network_integrity","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"12.0.0.3.0"}],"cpes":["cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*"],"vendor_product":"oracle:communications_pricing_design_center","source":"CPE_FIELD"},{"extracted_events":[{"fixed":"11.2.8.0"}],"cpes":["cpe:2.3:a:oracle:hyperion_calculation_manager:*:*:*:*:*:*:*:*"],"vendor_product":"oracle:hyperion_calculation_manager","source":"CPE_FIELD"},{"cpes":["cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"19.0.1"}],"vendor_product":"oracle:retail_merchandising_system","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"4.0"}],"cpes":["cpe:2.3:a:oracle:solaris_cluster:4.0:*:*:*:*:*:*:*"],"vendor_product":"oracle:solaris_cluster","source":"CPE_FIELD"},{"extracted_events":[{"introduced":"12.2.6"},{"last_affected":"12.2.11"}],"cpes":["cpe:2.3:a:oracle:time_and_labor:*:*:*:*:*:*:*:*"],"vendor_product":"oracle:time_and_labor","source":"CPE_FIELD"}]},"references":[{"type":"REPORT","url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943"},{"type":"REPORT","url":"https://github.com/eclipse-ee4j/mojarra/issues/4571"},{"type":"FIX","url":"https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuoct2021.html"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}]}