VULNRICHMENT:CVE-2024-7312 (vulnrichment, Payara)
Sep 11, 2024 - 3:28 p.m.

CVE-2024-7312 REST Interface Link Redirection via Host parameter

2024-09-11 15:28:43
CWE-601
Payara
github.com
cve-2024-7312
rest interface
link redirection
host parameter
untrusted site
payara platform
payara server
session hijacking
url redirection
vulnerability

CVSS4: 7
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: ACTIVE
Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:A/VC:H/SC:N/VI:H/SI:H/VA:H/SA:H

AI Score: 6.8 (Confidence: High)
EPSS: 0.001 (Percentile: 17.7%)

SSVC
Exploitation: none
Automatable: no
Technical Impact: total

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server (REST Management Interface modules) allows Session Hijacking. This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.2020.2 before 5.2022.5, from 5.20.0 before 5.67.0, from 4.1.2.191.0 before 4.1.2.191.50.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:payara:payara:*:*:*:*:enterprise:*:*:*"
    ],
    "vendor": "payara",
    "product": "payara",
    "versions": [
      {
        "status": "affected",
        "version": "6.0.0",
        "lessThan": "6.18.0",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "6.2022.1",
        "lessThan": "6.2024.6",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "5.2020.2",
        "lessThan": "5.2022.5",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "4.1.2.191.0",
        "lessThan": "4.1.2.191.50",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unknown"
  }
]
