CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS
Percentile
93.1%
Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.
Vendor | Product | Version | CPE |
---|---|---|---|
eclipse | mojarra | * | cpe:2.3:a:eclipse:mojarra:*:*:*:*:*:*:*:* |
oracle | banking_enterprise_default_management | 2.10.0 | cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:* |
oracle | banking_enterprise_default_management | 2.12.0 | cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:* |
oracle | banking_platform | 2.6.2 | cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* |
oracle | banking_platform | 2.7.1 | cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:* |
oracle | banking_platform | 2.9.0 | cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:* |
oracle | banking_platform | 2.12.0 | cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:* |
oracle | communications_network_integrity | 7.3.6 | cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:* |
oracle | communications_pricing_design_center | 12.0.0.3.0 | cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:* |
oracle | hyperion_calculation_manager | * | cpe:2.3:a:oracle:hyperion_calculation_manager:*:*:*:*:*:*:*:* |
bugs.eclipse.org/bugs/show_bug.cgi?id=550943
github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741
github.com/eclipse-ee4j/mojarra/issues/4571
www.oracle.com/security-alerts/cpuapr2022.html
www.oracle.com/security-alerts/cpujan2022.html
www.oracle.com/security-alerts/cpuoct2021.html
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS
Percentile
93.1%