PT-2024-38258 · Payara · Payara Server
Claudia Bartolini +3
Published 2024-09-11 · Updated 2024-09-13
CVE-2024-7312
CVSS v4.0: 7.0 (High)
| Vector | AV:L/AC:H/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:H/SA:H |
Name of the Vulnerable Software and Affected Versions
Payara Server versions 4.1.2.191.0 through 4.1.2.191.50
Payara Server versions 5.20.0 through 5.67.0
Payara Server versions 5.2020.2 through 5.2022.5
Payara Server versions 6.0.0 through 6.18.0
Payara Server versions 6.2022.1 through 6.2024.9
Description
The issue affects the Payara Platform Payara Server, specifically the REST Management Interface modules. A URL Redirection to Untrusted Site ('Open Redirect') vulnerability in these modules allows session hijacking.
Recommendations
For Payara Server versions 4.1.2.191.0 through 4.1.2.191.50, update to version 4.1.2.191.50 or later.
For Payara Server versions 5.20.0 through 5.67.0, update to version 5.67.0 or later.
For Payara Server versions 5.2020.2 through 5.2022.5, update to version 5.2022.5 or later.
For Payara Server versions 6.0.0 through 6.18.0, update to version 6.18.0 or later.
For Payara Server versions 6.2022.1 through 6.2024.9, update to version 6.2024.9 or later.
Weakness Enumeration
Open Redirect
Affected Products
Payara Server