Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Payara Server, Micro and Embedded by Payara Platform

    CVE-2023-41699 (GCVE-0-2023-41699)

    Vulnerability from nvd – Published: 2023-11-15 19:54 – Updated: 2024-08-29 17:37
    VLAI
    Title
    Payara Platform: URL Redirection to untrusted site using FORM authentication
    Summary
    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries.This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.46, from 6.0.0 before 6.8.0, from 6.2023.1 before 6.2023.11.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    Impacted products
    Vendor Product Version
    Payara Platform Payara Server, Micro and Embedded Affected: 5.0.0 , < 5.57.0 (semver)
    Affected: 4.1.2.191 , < 4.1.2.191.46 (semver)
    Affected: 6.0.0 , < 6.8.0 (semver)
    Affected: 6.2023.1 , < 6.2023.11 (semver)
    Create a notification for this product.
    Date Public
    2023-11-16 21:00
    Credits
    Hiroki Sawamura from Fujitsu
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:01:35.420Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.8.0.html"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2023.11.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41699",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-29T17:36:42.715958Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T17:37:00.722Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Servlet Implementation"
              ],
              "product": "Payara Server, Micro and Embedded",
              "vendor": "Payara Platform",
              "versions": [
                {
                  "lessThan": "5.57.0",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.1.2.191.46",
                  "status": "affected",
                  "version": "4.1.2.191",
                  "versionType": "semver"
                },
                {
                  "lessThan": "6.8.0",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "6.2023.11",
                  "status": "affected",
                  "version": "6.2023.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Hiroki Sawamura from Fujitsu"
            }
          ],
          "datePublic": "2023-11-16T21:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries.\u003cp\u003eThis issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.46, from 6.0.0 before 6.8.0, from 6.2023.1 before 6.2023.11.\u003c/p\u003e"
                }
              ],
              "value": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries.This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.46, from 6.0.0 before 6.8.0, from 6.2023.1 before 6.2023.11.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-159",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-159 Redirect Access to Libraries"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-15T19:57:20.119Z",
            "orgId": "769c9ae7-73c3-4e47-ae19-903170fc3eb8",
            "shortName": "Payara"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.8.0.html"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2023.11.html"
            }
          ],
          "source": {
            "defect": [
              "CVE-2023-41080"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Payara Platform: URL Redirection to untrusted site using FORM authentication",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "769c9ae7-73c3-4e47-ae19-903170fc3eb8",
        "assignerShortName": "Payara",
        "cveId": "CVE-2023-41699",
        "datePublished": "2023-11-15T19:54:23.590Z",
        "dateReserved": "2023-08-30T16:08:29.041Z",
        "dateUpdated": "2024-08-29T17:37:00.722Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41699 (GCVE-0-2023-41699)

    Vulnerability from cvelistv5 – Published: 2023-11-15 19:54 – Updated: 2024-08-29 17:37
    VLAI
    Title
    Payara Platform: URL Redirection to untrusted site using FORM authentication
    Summary
    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries.This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.46, from 6.0.0 before 6.8.0, from 6.2023.1 before 6.2023.11.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    Impacted products
    Vendor Product Version
    Payara Platform Payara Server, Micro and Embedded Affected: 5.0.0 , < 5.57.0 (semver)
    Affected: 4.1.2.191 , < 4.1.2.191.46 (semver)
    Affected: 6.0.0 , < 6.8.0 (semver)
    Affected: 6.2023.1 , < 6.2023.11 (semver)
    Create a notification for this product.
    Date Public
    2023-11-16 21:00
    Credits
    Hiroki Sawamura from Fujitsu
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:01:35.420Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.8.0.html"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2023.11.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41699",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-29T17:36:42.715958Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-29T17:37:00.722Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Servlet Implementation"
              ],
              "product": "Payara Server, Micro and Embedded",
              "vendor": "Payara Platform",
              "versions": [
                {
                  "lessThan": "5.57.0",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.1.2.191.46",
                  "status": "affected",
                  "version": "4.1.2.191",
                  "versionType": "semver"
                },
                {
                  "lessThan": "6.8.0",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "6.2023.11",
                  "status": "affected",
                  "version": "6.2023.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Hiroki Sawamura from Fujitsu"
            }
          ],
          "datePublic": "2023-11-16T21:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries.\u003cp\u003eThis issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.46, from 6.0.0 before 6.8.0, from 6.2023.1 before 6.2023.11.\u003c/p\u003e"
                }
              ],
              "value": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries.This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.46, from 6.0.0 before 6.8.0, from 6.2023.1 before 6.2023.11.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-159",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-159 Redirect Access to Libraries"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-15T19:57:20.119Z",
            "orgId": "769c9ae7-73c3-4e47-ae19-903170fc3eb8",
            "shortName": "Payara"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.8.0.html"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2023.11.html"
            }
          ],
          "source": {
            "defect": [
              "CVE-2023-41080"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Payara Platform: URL Redirection to untrusted site using FORM authentication",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "769c9ae7-73c3-4e47-ae19-903170fc3eb8",
        "assignerShortName": "Payara",
        "cveId": "CVE-2023-41699",
        "datePublished": "2023-11-15T19:54:23.590Z",
        "dateReserved": "2023-08-30T16:08:29.041Z",
        "dateUpdated": "2024-08-29T17:37:00.722Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }