Luc Créti

**Name of the Vulnerable Software and Affected Versions** Payara Platform Community versions prior to 4.1.2.191.38 Payara Platform Community versions 5.x prior to 5.2022.4 Payara Platform Community versions 6.x prior to 6.2022.1 Payara Platform Enterprise versions prior to 5.45.0 **Description** The issue allows attackers to access sensitive directories, specifically META-INF and WEB-INF, when Payara is deployed to the root context. This is a distinct issue from other known vulnerabilities. **Recommendations** For Payara Platform Community versions prior to 4.1.2.191.38, update to version 4.1.2.191.38 or later. For Payara Platform Community versions 5.x prior to 5.2022.4, update to version 5.2022.4 or later. For Payara Platform Community versions 6.x prior to 6.2022.1, update to version 6.2022.1 or later. For Payara Platform Enterprise versions prior to 5.45.0, update to version 5.45.0 or later.