CVE-2022-45129

Payara Platform Path Traversal

  • Severity Score: 7.5 (CVSS v3.1)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 1 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise before 5.45.0.

Payara Platform suffers from a path traversal vulnerability. Enterprise versions prior to 5.45.0 and Community versions prior to 6.2022.1, 5.2022.4, and 4.1.2.191.38 are affected.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2022-11-10 CVE Reserved
  • 2022-11-10 CVE Published
  • 2024-07-30 EPSS Updated
  • 2024-08-03 CVE Updated
  • 2024-08-03 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-552: Files or Directories Accessible to External Parties
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Payara | Payara | < 4.1.2.191.38 | community | Affected |
| Payara | Payara | < 5.45.0 | enterprise | Affected |
| Payara | Payara | >= 5.0.0 < 5.2022.4 | community | Affected |
| Payara | Payara | >= 6.0.0 < 6.2022.1 | community | Affected |