Payara Server
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-14340 | Hig | 0.48 | — | 0.01 | Feb 18, 2026 | Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload. | ||
| CVE-2024-45687 | Low | 0.16 | — | 0.00 | Jan 21, 2025 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in Payara Platform Payara Server (Grizzly, REST Management Interface modules), Payara Platform Payara Micro (Grizzly modules) allows Manipulating State, Identity Spoofing.This issue affects Payara Server: from 4.1.151 through 4.1.2.191.51, from 5.20.0 through 5.70.0, from 5.2020.2 through 5.2022.5, from 6.2022.1 through 6.2024.12, from 6.0.0 through 6.21.0; Payara Micro: from 4.1.152 through 4.1.2.191.51, from 5.20.0 through 5.70.0, from 5.2020.2 through 5.2022.5, from 6.2022.1 through 6.2024.12, from 6.0.0 through 6.21.0. | ||
| CVE-2025-1534 | 0.00 | — | 0.00 | Apr 1, 2025 | CVE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Payara Platform Payara Server allows : Remote Code Inclusion.This issue affects Payara Server: from 4.1.2.1919.1 before 4.1.2.191.51, from 5.20.0 before 5.68.0, from 6.0.0 before 6.23.0, from 6.2022.1 before 6.2025.2. | |||
| CVE-2024-8215 | 0.00 | — | 0.00 | Oct 8, 2024 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Payara Platform Payara Server (Admin Console modules) allows Remote Code Inclusion.This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0, from 6.2022.1 before 6.2024.10, from 4.1.2.191.1 before 4.1.2.191.51. | |||
| CVE-2024-7312 | 0.00 | — | 0.00 | Sep 11, 2024 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server (REST Management Interface modules) allows Session Hijacking.This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.2020.2 before 5.2022.5, from 5.20.0 before 5.67.0, from 4.1.2.191.0 before 4.1.2.191.50. |
- risk 0.48cvss —epss 0.01
Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload.
- risk 0.16cvss —epss 0.00
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in Payara Platform Payara Server (Grizzly, REST Management Interface modules), Payara Platform Payara Micro (Grizzly modules) allows Manipulating State, Identity Spoofing.This issue affects Payara Server: from 4.1.151 through 4.1.2.191.51, from 5.20.0 through 5.70.0, from 5.2020.2 through 5.2022.5, from 6.2022.1 through 6.2024.12, from 6.0.0 through 6.21.0; Payara Micro: from 4.1.152 through 4.1.2.191.51, from 5.20.0 through 5.70.0, from 5.2020.2 through 5.2022.5, from 6.2022.1 through 6.2024.12, from 6.0.0 through 6.21.0.
- CVE-2025-1534Apr 1, 2025risk 0.00cvss —epss 0.00
CVE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Payara Platform Payara Server allows : Remote Code Inclusion.This issue affects Payara Server: from 4.1.2.1919.1 before 4.1.2.191.51, from 5.20.0 before 5.68.0, from 6.0.0 before 6.23.0, from 6.2022.1 before 6.2025.2.
- CVE-2024-8215Oct 8, 2024risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Payara Platform Payara Server (Admin Console modules) allows Remote Code Inclusion.This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0, from 6.2022.1 before 6.2024.10, from 4.1.2.191.1 before 4.1.2.191.51.
- CVE-2024-7312Sep 11, 2024risk 0.00cvss —epss 0.00
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server (REST Management Interface modules) allows Session Hijacking.This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.2020.2 before 5.2022.5, from 5.20.0 before 5.67.0, from 4.1.2.191.0 before 4.1.2.191.50.