Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
IdentityIQ JavaServer Faces File Path Traversal Vulnerability
Vulnerability Description
This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security fix provides additional changes to the remediation announced in May 2021 tracked by ETN IIQSAW-3585 and January 2024 tracked by IIQFW-336. This vulnerability in IdentityIQ is assigned CVE-2024-2227.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Oracle JavaServer Faces 路径遍历漏洞
Vulnerability Description
Oracle JavaServer Faces是美国甲骨文(Oracle)公司的Java平台上的一种用户界面框架,用于构建基于Web的用户界面组件和应用程序。 Oracle JavaServer Faces (JSF) 2.2.20版本存在路径遍历漏洞,该漏洞源于允许访问应用程序服务器文件系统中的任意文件。
CVSS Information
N/A
Vulnerability Type
N/A