CVE-2024-8215 – Payload Injection Attack via Management REST interface
https://notcve.org/view.php?id=CVE-2024-8215
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Payara Platform Payara Server (Admin Console modules) allows Remote Code Inclusion.This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0, from 6.2022.1 before 6.2024.10, from 4.1.2.191.1 before 4.1.2.191.51. • https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2024.10.html https://docs.payara.fish/enterprise/docs/5.68.0/Release%20Notes/Release%20Notes%205.68.0.html https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.19.0.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-8097 – Sensitive information exposure when the org.glassfish.admingui LOGGER is set to FINEST level
https://notcve.org/view.php?id=CVE-2024-8097
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara Platform Payara Server (Logging modules) allows Sensitive credentials posted in plain-text on the server log.This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.20.0 before 5.67.0, from 5.2020.2 before 5.2022.5, from 4.1.2.191.0 before 4.1.2.191.50. • https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2024.9.html https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.18.0.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-7312 – REST Interface Link Redirection via Host parameter
https://notcve.org/view.php?id=CVE-2024-7312
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server (REST Management Interface modules) allows Session Hijacking.This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.2020.2 before 5.2022.5, from 5.20.0 before 5.67.0, from 4.1.2.191.0 before 4.1.2.191.50. • https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%205.67.0.html https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.18.0.html https://docs.payara.fish/enterprise/docs/5.67.0/Release%20Notes/Release%20Notes%205.67.0.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •