Описание
Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise before 5.45.0.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- PatchThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.1.2.191.38 (исключая)Версия до 5.45.0 (исключая)Версия от 5.0.0 (включая) до 5.2022.4 (исключая)Версия от 6.0.0 (включая) до 6.2022.1 (исключая)
Одно из
cpe:2.3:a:payara:payara:*:*:*:*:community:*:*:*
cpe:2.3:a:payara:payara:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:payara:payara:*:*:*:*:community:*:*:*
cpe:2.3:a:payara:payara:*:*:*:*:community:*:*:*
EPSS
Процентиль: 61%
0.00406
Низкий
7.5 High
CVSS3
Дефекты
CWE-552
CWE-552
Связанные уязвимости
CVSS3: 7.5
github
около 3 лет назад
Payara, when deployed to the root context, allows attackers to visit META-INF and WEB-INF
EPSS
Процентиль: 61%
0.00406
Низкий
7.5 High
CVSS3
Дефекты
CWE-552
CWE-552