Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-6950 | 2 Eclipse, Oracle | 9 Mojarra, Banking Enterprise Default Management, Banking Platform and 6 more | 2022-05-12 | 4.3 MEDIUM | 6.5 MEDIUM |
Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. | |||||
CVE-2019-17091 | 2 Eclipse, Oracle | 23 Mojarra, Application Testing Suite, Banking Enterprise Product Manufacturing and 20 more | 2022-04-06 | 4.3 MEDIUM | 6.1 MEDIUM |
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled. | |||||
CVE-2018-14371 | 1 Eclipse | 1 Mojarra | 2018-09-17 | 5.0 MEDIUM | 7.5 HIGH |
The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications. |