cvebase

Payara Platform Payara Server vulnerabilities

6 known vulnerabilities affecting payara_platform/payara_server.

Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 3, LOW 1

Vulnerabilities

CVE-2025-14340 | P3 | HIGH | CVSS 7.3 | PoC | ≥ 4.1.153.1, ≤ 4.1.2.191.53; ≥ 5.20.0, ≤ 5.82.0; +5 more | 2026-02-18
CVE-2025-14340 [HIGH] CWE-79: Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload.
nvd
CVE-2024-8215 | P3 | HIGH | CVSS 8.4 | ≥ 5.20.0, < 5.68.0; ≥ 6.0.0, < 6.19.0; +2 more | 2024-10-08
CVE-2024-8215 [HIGH] CWE-79: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Payara Platform Payara Server (Admin Console modules) allows Remote Code Inclusion. This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0, from 6.2022.1 before 6.2024.10, from 4.1.2.191.1 before 4.1.2.191.51.
nvd
CVE-2024-7312 | P4 | MEDIUM | CVSS 6.1 | ≥ 6.0.0, < 6.18.0; ≥ 6.2022.1, < 6.2024.9; +3 more | 2024-09-11
CVE-2024-7312 [MEDIUM] CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server (REST Management Interface modules) allows Session Hijacking. This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.2020.2 before 5.2022.5, from 5.20.0 before 5.67.0, from 4.1.2.191.0 before 4.1.2.191.50.
nvd
CVE-2025-1534 | P4 | MEDIUM | CVSS 5.4 | ≥ 4.1.2.1919.1, < 4.1.2.191.51; ≥ 5.20.0, < 5.68.0; +2 more | 2025-04-01
CVE-2025-1534 [MEDIUM] CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Payara Platform Payara Server allows Remote Code Inclusion. This issue affects Payara Server: from 4.1.2.1919.1 before 4.1.2.191.51, from 5.20.0 before 5.68.0, from 6.0.0 before 6.23.0, from 6.2022.1 before 6.2025.2.
nvd
CVE-2024-8097 | P4 | MEDIUM | CVSS 6.7 | ≥ 6.0.0, < 6.18.0; ≥ 6.2022.1, < 6.2024.9; +3 more | 2024-09-11
CVE-2024-8097 [MEDIUM] CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara Platform Payara Server (Logging modules) allows Sensitive credentials posted in plain-text on the server log. This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.20.0 before 5.67.0, from 5.2020.2 before 5.2022.5, from 4.1.2.1
nvd
CVE-2024-45687 | P4 | LOW | CVSS 2.4 | ≥ 4.1.151, ≤ 4.1.2.191.51; ≥ 5.20.0, ≤ 5.70.0; +3 more | 2025-01-21
CVE-2024-45687 [LOW] CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in Payara Platform Payara Server (Grizzly, REST Management Interface modules), Payara Platform Payara Micro (Grizzly modules) allows Manipulating State, Identity Spoofing. This issue affects Payara Server: from 4.1.151 through 4.1.2.191.51, from 5
nvd