CVE-2024-7312
Published 2024-09-11
CVE-2024-7312: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server (REST Management Interface modules) allows Session…
Priority: P4 · 27 · medium · 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.21% (11.3th percentile)
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server (REST Management Interface modules) allows Session Hijacking. This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.2020.2 before 5.2022.5, from 5.20.0 before 5.67.0, from 4.1.2.191.0 before 4.1.2.191.50.
Affected (10 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| payara | payara | >= 4.1.2.191.0 < 4.1.2.191.50 | 4.1.2.191.50 |
| payara | payara | >= 5.20.0 < 5.67.0 | 5.67.0 |
| payara | payara | >= 5.2020.2 < 5.2022.5 | 5.2022.5 |
| payara | payara | >= 6.0.0 < 6.18.0 | 6.18.0 |
| payara | payara | >= 6.2022.1 < 6.2024.9 | 6.2024.9 |
| payara_platform | payara_server | >= 4.1.2.191.0 < 4.1.2.191.50 | 4.1.2.191.50 |
| payara_platform | payara_server | >= 5.20.0 < 5.67.0 | 5.67.0 |
| payara_platform | payara_server | >= 5.2020.2 < 5.2022.5 | 5.2022.5 |
| payara_platform | payara_server | >= 6.0.0 < 6.18.0 | 6.18.0 |
| payara_platform | payara_server | >= 6.2022.1 < 6.2024.9 | 6.2024.9 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | 4.0 | 7.0 | HIGH | CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| vendor_redhat | | 7.0 | HIGH | |
GHSA
GHSA-jfgw-v3p5-42qh · ghsa_unreviewed · 2024-09-11 · HIGH · CWE-601
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server (REST Management Interface modules) allows Session Hijacking. This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.2020.2 before 5.2022.5, from 5.20.0 before 5.67.0, from 4.1.2.191.0 before 4.1.2.191.50.
Red Hat
payara: Open Redirect Vulnerability in Payara Server REST Management Interface
vendor_redhat · 2024-09-11 · CVSS 7.0 · HIGH · CWE-601
A flaw was found in the Payara Server REST Management Interface modules. This vulnerability allows session hijacking via URL redirection to an untrusted site.
Statement: The Open Redirect vulnerability in the Payara Server REST Management Interface modules is classified as a moderate severity issue due to its reliance on additional exploit scenarios and the need for us
No detection rules found.
No public exploits indexed.
Published: 2024-09-11