7.5

CVE-2022-45129

Exploit
Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise before 5.45.0.
Data provided by the National Vulnerability Database (NVD)
Payara Payara | SwEdition: community | Version: < 4.1.2.191.38
Payara Payara | SwEdition: enterprise | Version: < 5.45.0
Payara Payara | SwEdition: community | Version: >= 5.0.0 < 5.2022.4
Payara Payara | SwEdition: community | Version: >= 6.0.0 < 6.2022.1
No warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 1.34% | 0.675
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

http://packetstormsecurity.com/files/169864/Payara-Platform-Path-Traversal.html [Third Party Advisory, Exploit, VDB Entry]
http://seclists.org/fulldisclosure/2022/Nov/11 [Third Party Advisory, Mailing List]
https://blog.payara.fish/whats-new-in-the-november-2022-payara-platform-release [Vendor Advisory, Release Notes]
https://docs.payara.fish/community/docs/6.2022.1/Release%20Notes/Release%20Notes%206.2022.1.html [Vendor Advisory, Release Notes]
https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%205.2022.4.html [Vendor Advisory, Release Notes]
https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%205.45.0.html [Vendor Advisory, Release Notes]
https://github.com/payara/Payara/commit/cccdfddeda71c78ae7b3179db5429e1bb8a56b2e [Patch, Third Party Advisory]