6.7
CVE-2024-8097
- EPSS 0.19%
- Veröffentlicht 11.09.2024 17:15:13
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle 769c9ae7-73c3-4e47-ae19-903170
- CVE-Watchlists
- Unerledigt
Sensitive information exposure when the org.glassfish.admingui LOGGER is set to FINEST level
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara Platform Payara Server (Logging modules) allows Sensitive credentials posted in plain-text on the server log.This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.20.0 before 5.67.0, from 5.2020.2 before 5.2022.5, from 4.1.2.191.0 before 4.1.2.191.50.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerPayara Platform
≫
Produkt
Payara Server
Default Statusunaffected
Version
6.0.0
Version <
6.18.0
Status
affected
Version
6.2022.1
Version <
6.2024.9
Status
affected
Version
5.20.0
Version <
5.67.0
Status
affected
Version
5.2020.2
Version <
5.2022.5
Status
affected
Version
4.1.2.191.0
Version <
4.1.2.191.50
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.085 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 769c9ae7-73c3-4e47-ae19-903170fc3eb8 | 6.7 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.18.0.html
https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2024.9.html