VYPR
Vendor

Payara Platform

Products
10
CVEs
12
Across products
19
Status
Private

Products

10

Recent CVEs

12
  • CVE-2023-28462CriMar 30, 2023
    risk 0.64cvss 9.8epss 0.01

    A JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 (Enterprise), 5.20.0 and newer (Enterprise), and 5.2020.1 and newer (Community), when Java 1.8u181 and earlier is used, allows remote attackers to load malicious code on the server once a JNDI…

  • CVE-2021-41381HigSep 23, 2021
    risk 0.56cvss 7.5epss 0.53

    Payara Micro Community 5.2021.6 and below allows Directory Traversal.

  • CVE-2024-8215HigOct 8, 2024
    risk 0.55cvss 8.4epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Payara Platform Payara Server (Admin Console modules) allows Remote Code Inclusion.This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0,…

  • CVE-2022-37422HigAug 18, 2022
    risk 0.49cvss 7.5epss 0.01

    Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded.

  • CVE-2025-14340HigFeb 18, 2026
    risk 0.47cvss epss 0.01

    Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload.

  • CVE-2024-8097MedSep 11, 2024
    risk 0.44cvss epss 0.00

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara Platform Payara Server (Logging modules) allows Sensitive credentials posted in plain-text on the server log.This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before…

  • CVE-2022-45129HigNov 10, 2022
    risk 0.42cvss 7.5epss 0.01

    Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara…

  • CVE-2024-7312MedSep 11, 2024
    risk 0.40cvss 6.1epss 0.00

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server (REST Management Interface modules) allows Session Hijacking.This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.2020.2 before…

  • CVE-2023-41699MedNov 15, 2023
    risk 0.40cvss 6.1epss 0.00

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries.This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from…

  • CVE-2025-1534MedApr 1, 2025
    risk 0.35cvss 5.4epss 0.00

    CVE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Payara Platform Payara Server allows : Remote Code Inclusion.This issue affects Payara Server: from 4.1.2.1919.1 before 4.1.2.191.51, from 5.20.0 before 5.68.0, from…

  • CVE-2024-45687LowJan 21, 2025
    risk 0.16cvss epss 0.00

    Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in Payara Platform Payara Server (Grizzly, REST Management Interface modules), Payara Platform Payara Micro (Grizzly modules) allows Manipulating State, Identity…

  • CVE-2026-12986Jun 24, 2026
    risk 0.00cvss epss 0.00

    A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin…