7.5

CVE-2022-45129

Exploit
Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise before 5.45.0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PayaraPayara SwEditioncommunity Version < 4.1.2.191.38
PayaraPayara SwEditionenterprise Version < 5.45.0
PayaraPayara SwEditioncommunity Version >= 5.0.0 < 5.2022.4
PayaraPayara SwEditioncommunity Version >= 6.0.0 < 6.2022.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.41% 0.605
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

http://seclists.org/fulldisclosure/2022/Nov/11
Third Party Advisory
Mailing List