PT-2023-28054 · Payara · Payara Micro/Embedded+1
Hiroki Sawamura · Published 2023-11-15 · Updated 2023-11-23 · CVE-2023-41699
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Payara Server versions 5.0.0 through 5.56.0
Payara Server versions 4.1.2.191 through 4.1.2.191.45
Payara Server versions 6.0.0 through 6.7.0
Payara Server versions 6.2023.1 through 6.2023.10
Payara Micro and Embedded versions 5.0.0 through 5.56.0
Payara Micro and Embedded versions 4.1.2.191 through 4.1.2.191.45
Payara Micro and Embedded versions 6.0.0 through 6.7.0
Payara Micro and Embedded versions 6.2023.1 through 6.2023.10
Description
The issue affects the Payara Platform, allowing URL redirection to untrusted sites. This can enable redirect access to libraries.
Recommendations
For Payara Server versions 5.0.0 through 5.56.0, update to version 5.57.0 or later.
For Payara Server versions 4.1.2.191 through 4.1.2.191.45, update to version 4.1.2.191.46 or later.
For Payara Server versions 6.0.0 through 6.7.0, update to version 6.8.0 or later.
For Payara Server versions 6.2023.1 through 6.2023.10, update to version 6.2023.11 or later.
For Payara Micro and Embedded versions 5.0.0 through 5.56.0, update to version 5.57.0 or later.
For Payara Micro and Embedded versions 4.1.2.191 through 4.1.2.191.45, update to version 4.1.2.191.46 or later.
For Payara Micro and Embedded versions 6.0.0 through 6.7.0, update to version 6.8.0 or later.
For Payara Micro and Embedded versions 6.2023.1 through 6.2023.10, update to version 6.2023.11 or later.
Fix
Open Redirect
Weakness Enumeration
Related identifiers
Affected products
Payara Micro/Embedded
Payara Server