CVE-2024-8215 – Payload Injection Attack via Management REST interface
https://notcve.org/view.php?id=CVE-2024-8215
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Payara Platform Payara Server (Admin Console modules) allows Remote Code Inclusion. This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0, from 6.2022.1 before 6.2024.10, from 4.1.2.191.1 before 4.1.2.191.51. • https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2024.10.html https://docs.payara.fish/enterprise/docs/5.68.0/Release%20Notes/Release%20Notes%205.68.0.html https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.19.0.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-8097 – Sensitive information exposure when the org.glassfish.admingui LOGGER is set to FINEST level
https://notcve.org/view.php?id=CVE-2024-8097
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara Platform Payara Server (Logging modules) allows sensitive credentials to be written in plain text to the server log. This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.20.0 before 5.67.0, from 5.2020.2 before 5.2022.5, from 4.1.2.191.0 before 4.1.2.191.50. • https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2024.9.html https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.18.0.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-7312 – REST Interface Link Redirection via Host parameter
https://notcve.org/view.php?id=CVE-2024-7312
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server (REST Management Interface modules) allows Session Hijacking. This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.2020.2 before 5.2022.5, from 5.20.0 before 5.67.0, from 4.1.2.191.0 before 4.1.2.191.50. • https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%205.67.0.html https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.18.0.html https://docs.payara.fish/enterprise/docs/5.67.0/Release%20Notes/Release%20Notes%205.67.0.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2023-41699 – Payara Platform: URL Redirection to untrusted site using FORM authentication
https://notcve.org/view.php?id=CVE-2023-41699
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries. This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.46, from 6.0.0 before 6.8.0, from 6.2023.1 before 6.2023.11. • https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2023.11.html https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.8.0.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2023-28462
https://notcve.org/view.php?id=CVE-2023-28462
A JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 (Enterprise), 5.20.0 and newer (Enterprise), and 5.2020.1 and newer (Community), when Java 1.8u181 and earlier is used, allows remote attackers to load malicious code on the server once a JNDI directory scan is performed. • https://blog.payara.fish/vulnerability-affecting-server-environments-on-java-1.8-on-updates-lower-than-1.8u191 •