7 results (0.007 seconds)

CVSS: 8.7EPSS: 0%CPEs: 4EXPL: 0

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Payara Platform Payara Server (Admin Console modules) allows Remote Code Inclusion.This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0, from 6.2022.1 before 6.2024.10, from 4.1.2.191.1 before 4.1.2.191.51. • https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2024.10.html https://docs.payara.fish/enterprise/docs/5.68.0/Release%20Notes/Release%20Notes%205.68.0.html https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.19.0.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 0

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara Platform Payara Server (Logging modules) allows Sensitive credentials posted in plain-text on the server log.This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.20.0 before 5.67.0, from 5.2020.2 before 5.2022.5, from 4.1.2.191.0 before 4.1.2.191.50. • https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2024.9.html https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.18.0.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server (REST Management Interface modules) allows Session Hijacking.This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.2020.2 before 5.2022.5, from 5.20.0 before 5.67.0, from 4.1.2.191.0 before 4.1.2.191.50. • https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%205.67.0.html https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.18.0.html https://docs.payara.fish/enterprise/docs/5.67.0/Release%20Notes/Release%20Notes%205.67.0.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries.This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.46, from 6.0.0 before 6.8.0, from 6.2023.1 before 6.2023.11. Vulnerabilidad de redirección de URL a sitio no confiable ('Open Redirect') en Payara Platform Payara Server, Micro y Embedded (módulos de implementación de Servlet) permite el acceso de redireccionamiento a librerías. Este problema afecta a Payara Server, Micro y Embedded: desde 5.0.0 antes de 5.57.0 , desde 4.1.2.191 anterior a 4.1.2.191.46, desde 6.0.0 anterior a 6.8.0, desde 6.2023.1 anterior a 6.2023.11. • https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2023.11.html https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.8.0.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

A JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 (Enterprise), 5.20.0 and newer (Enterprise), and 5.2020.1 and newer (Community), when Java 1.8u181 and earlier is used, allows remote attackers to load malicious code on the server once a JNDI directory scan is performed. • https://blog.payara.fish/vulnerability-affecting-server-environments-on-java-1.8-on-updates-lower-than-1.8u191 •