Lucene search

Redhat.comRH:CVE-2024-7312

HistorySep 11, 2024 - 5:22 p.m.

CVE-2024-7312

2024-09-1117:22:44

redhat.com

access.redhat.com

payara server

rest management interface

session hijacking

url redirection

vulnerability

mitigation

red hat product security

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

ACTIVE

CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:A/VC:H/SC:N/VI:H/SI:H/VA:H/SA:H

AI Score

6.9

Confidence

Low

JSON

A flaw was found in the Payara Server REST Management Interface modules. This vulnerability allows session hijacking via URL redirection to an untrusted site.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

References

bugzilla.redhat.com/show_bug.cgi?id=2311731

docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%205.67.0.html

docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.18.0.html

nvd.nist.gov/vuln/detail/CVE-2024-7312

www.cve.org/CVERecord?id=CVE-2024-7312

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

ACTIVE

CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:A/VC:H/SC:N/VI:H/SI:H/VA:H/SA:H

AI Score

6.9

Confidence

Low

JSON

Related for RH:CVE-2024-7312