12.2.6

DATE	CVE	VULNERABILITY TITLE	RISK
2021-06-02	CVE-2020-6950	Path Traversal vulnerability in multiple products Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. network eclipse oracle CWE-22	4.3
2019-10-02	CVE-2019-17091	Cross-site Scripting vulnerability in multiple products faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled. network eclipse oracle CWE-79	4.3
2019-08-20	CVE-2019-10086	Deserialization of Untrusted Data vulnerability in multiple products In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. network low complexity apache debian opensuse fedoraproject redhat oracle CWE-502	7.3