
CVSS: 7.5 • EPSS: 0% • CPEs: 4 • EXPL: 1

Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise before 5.45.0. Payara Platform suffers from a path traversal vulnerability.

References:
http://packetstormsecurity.com/files/169864/Payara-Platform-Path-Traversal.html
http://seclists.org/fulldisclosure/2022/Nov/11
https://blog.payara.fish/whats-new-in-the-november-2022-payara-platform-release
https://docs.payara.fish/community/docs/6.2022.1/Release%20Notes/Release%20Notes%206.2022.1.html
https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%205.2022.4.html
https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%205.45.0.html
https://github.com

CWE-552: Files or Directories Accessible to External Parties

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded.

References:
https://blog.payara.fish/august-community-5-release
https://www.payara.fish/downloads

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')