Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Products
Payara Platform Payara Server
- 6.0.0 - 6.18.0
- 6.2022.1 - 6.2024.9
- 5.2020.2 - 5.2022.5
- 5.20.0 - 5.67.0
- 4.1.2.191.0 - 4.1.2.191.50
Source
769c9ae7-73c3-4e47-ae19-903170fc3eb8
Tags
CVE-2024-7312 details
Published : Sept. 11, 2024, 4:15 p.m.
Last Modified : Sept. 11, 2024, 8:15 p.m.
Last Modified : Sept. 11, 2024, 8:15 p.m.
Description
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server (REST Management Interface modules) allows Session Hijacking.This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.2020.2 before 5.2022.5, from 5.20.0 before 5.67.0, from 4.1.2.191.0 before 4.1.2.191.50.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') | A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks. |
References
| URL | Source |
|---|---|
| https://docs.payara.fish/enterprise/docs/5.67.0/Release%20Notes/Release%20Notes%205.67.0.html | 769c9ae7-73c3-4e47-ae19-903170fc3eb8 |
| https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.18.0.html | 769c9ae7-73c3-4e47-ae19-903170fc3eb8 |
This website uses the NVD API, but is not approved or certified by it.