2 matches found
Code injection
Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise befo...
CVE-2022-37422
CVE-2022-37422 describes an unauthenticated directory traversal in Payara products (Payara Server, Payara Micro, and Payara Server Embedded) that can be exploited without authentication. The vulnerability stems from directory traversal mechanisms in Payara up to version 5.2022.x (referenced as th...