Every CVE whose affected-product data names Oracle Mojarra, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2010-4007 — CVSS 5.0 (medium): Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to…
CVE-2010-2087 — CVSS 4.3 (medium): Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly…
CVE-2013-5855 — CVSS 4.3 (medium): Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL…
CVE-2012-2672 — CVSS 2.1 (low): Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context…