Skip to main content

Payara

6 CVEs product

Monthly

CVE-2025-1534 MEDIUM This Month

CVE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Payara Platform Payara Server allows : Remote Code Inclusion.1.2.1919.1 before. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Payara
NVD
CVSS 4.0
6.8
EPSS
0.1%
CVE-2024-8215 HIGH This Week

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Payara Platform Payara Server (Admin Console modules) allows Remote Code Inclusion.20.0. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable. No vendor patch available.

XSS Payara
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2024-7312 HIGH This Week

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server (REST Management Interface modules) allows Session Hijacking.0.0 before 6.18.0, from 6.2022.1 before. Rated high severity (CVSS 7.0). No vendor patch available.

Open Redirect Payara
NVD
CVSS 4.0
7.0
EPSS
0.2%
CVE-2023-41699 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries.0.0 before. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Payara
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-45129 Maven HIGH POC PATCH This Week

Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Information Disclosure Payara
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-37422 Maven HIGH PATCH This Week

Payara through 5.2022.2 allows directory traversal without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Payara
NVD
CVSS 3.1
7.5
EPSS
1.1%
EPSS 0% CVSS 6.8
MEDIUM This Month

CVE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Payara Platform Payara Server allows : Remote Code Inclusion.1.2.1919.1 before. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Payara
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Payara Platform Payara Server (Admin Console modules) allows Remote Code Inclusion.20.0. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable. No vendor patch available.

XSS Payara
NVD
EPSS 0% CVSS 7.0
HIGH This Week

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server (REST Management Interface modules) allows Session Hijacking.0.0 before 6.18.0, from 6.2022.1 before. Rated high severity (CVSS 7.0). No vendor patch available.

Open Redirect Payara
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries.0.0 before. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Payara
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Information Disclosure Payara
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Payara through 5.2022.2 allows directory traversal without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Payara
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy