CVE-2022-45129
Payara Platform Path Traversal
Public Exploits: 1
Exploited in Wild: -
Descriptions
Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise before 5.45.0.
Payara Platform suffers from a path traversal vulnerability. Enterprise versions prior to 5.45.0 and Community versions prior to 6.2022.1, 5.2022.4, and 4.1.2.191.38 are affected.
Timeline
- 2022-11-10 CVE Reserved
- 2022-11-10 CVE Published
- 2024-07-30 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-552: Files or Directories Accessible to External Parties
References (7)
URL | Tag | Date |
---|---|---|
http://seclists.org/fulldisclosure/2022/Nov/11 | Mailing List | |
http://packetstormsecurity.com/files/169864/Payara-Platform-Path-Traversal.html | | 2024-08-03 |
https://github.com/payara/Payara/commit/cccdfddeda71c78ae7b3179db5429e1bb8a56b2e | | 2023-01-20 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Payara | Payara | < 4.1.2.191.38 | community | Affected |
Payara | Payara | < 5.45.0 | enterprise | Affected |
Payara | Payara | >= 5.0.0 < 5.2022.4 | community | Affected |
Payara | Payara | >= 6.0.0 < 6.2022.1 | community | Affected |