CVE-2023-41699
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries.This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.46, from 6.0.0 before 6.8.0, from 6.2023.1 before 6.2023.11.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Payara Platform | Payara Server, Micro and Embedded | 5.0.0 < 5.57.0 | affected |
| Payara Platform | Payara Server, Micro and Embedded | 4.1.2.191 < 4.1.2.191.46 | affected |
| Payara Platform | Payara Server, Micro and Embedded | 6.0.0 < 6.8.0 | affected |
| Payara Platform | Payara Server, Micro and Embedded | 6.2023.1 < 6.2023.11 | affected |
Weaknesses
- CWE-601: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
ADP Enrichment
CVE Program Container
Additional References
- https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.8.0.html
- https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2023.11.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.8.0.html
- https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2023.11.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.