Payara
Source repositories
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-37422 | Hig | 0.49 | 7.5 | 0.01 | Aug 18, 2022 | Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded. | ||
| CVE-2024-8097 | Med | 0.44 | — | 0.00 | Sep 11, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara Platform Payara Server (Logging modules) allows Sensitive credentials posted in plain-text on the server log.This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before… | ||
| CVE-2022-45129 | Hig | 0.42 | 7.5 | 0.01 | Nov 10, 2022 | Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara… |
- risk 0.49cvss 7.5epss 0.01
Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded.
- risk 0.44cvss —epss 0.00
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara Platform Payara Server (Logging modules) allows Sensitive credentials posted in plain-text on the server log.This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before…
- risk 0.42cvss 7.5epss 0.01
Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara…