CVE-2022-45129 – Payara Platform Path Traversal
https://notcve.org/view.php?id=CVE-2022-45129
Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise before 5.45.0. Payara Platform suffers from a path traversal vulnerability.
References:
http://packetstormsecurity.com/files/169864/Payara-Platform-Path-Traversal.html
http://seclists.org/fulldisclosure/2022/Nov/11
https://blog.payara.fish/whats-new-in-the-november-2022-payara-platform-release
https://docs.payara.fish/community/docs/6.2022.1/Release%20Notes/Release%20Notes%206.2022.1.html
https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%205.2022.4.html
https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%205.45.0.html
https://github.com
CWE-552: Files or Directories Accessible to External Parties

CVE-2022-37422
https://notcve.org/view.php?id=CVE-2022-37422
Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded.
References:
https://blog.payara.fish/august-community-5-release
https://www.payara.fish/downloads
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2021-41381 – Payara Micro Community 5.2021.6 - Directory Traversal
https://notcve.org/view.php?id=CVE-2021-41381
Payara Micro Community 5.2021.6 and below allows Directory Traversal. Payara Micro Community version 5.2021.6 suffers from a directory traversal vulnerability.
References:
https://www.exploit-db.com/exploits/50371
https://github.com/Net-hunter121/CVE-2021-41381
http://packetstormsecurity.com/files/164365/Payara-Micro-Community-5.2021.6-Directory-Traversal.html
http://packetstormsecurity.com/files/169864/Payara-Platform-Path-Traversal.html
http://seclists.org/fulldisclosure/2022/Nov/11
https://github.com/Net-hunter121/CVE-2021-41381/blob/main/CVE:%202021-41381-POC
https://www.payara.fish
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')