
Eclipse Mojarra - Local File Read CVE-2020-6950

Severity
CVSSv3 Score: 6.5
Vulnerability description

Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.

Risk description

A remote unauthenticated attacker could exploit this vulnerability to read sensitive information from arbitrary files located on the file system of the server.

Recommendation

We recommend upgrading the affected software to the latest version, which mitigates this vulnerability.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Jun 2, 2021
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available