
CVSS: 6.1 | EPSS: 0% | CPEs: 4 | EXPL: 0

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries. This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.46, from 6.0.0 before 6.8.0, from 6.2023.1 before 6.2023.11.

• https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2023.11.html
• https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.8.0.html
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 7.5 | EPSS: 0% | CPEs: 4 | EXPL: 1

Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise before 5.45.0. Payara Platform suffers from a path traversal vulnerability.

• http://packetstormsecurity.com/files/169864/Payara-Platform-Path-Traversal.html
• http://seclists.org/fulldisclosure/2022/Nov/11
• https://blog.payara.fish/whats-new-in-the-november-2022-payara-platform-release
• https://docs.payara.fish/community/docs/6.2022.1/Release%20Notes/Release%20Notes%206.2022.1.html
• https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%205.2022.4.html
• https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%205.45.0.html
• https://github.com
• CWE-552: Files or Directories Accessible to External Parties

CVSS: 7.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded.

• https://blog.payara.fish/august-community-5-release
• https://www.payara.fish/downloads
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')