Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-8215

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Payara Platform Payara Server (Admin Console modules) allows Remote Code Inclusion.This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0, from 6.2022.1 before 6.2024.10, from 4.1.2.191.1 before 4.1.2.191.51.

Published

2024-10-08T16:15:13.380

Last Modified

2024-10-16T17:58:52.013

Status

Analyzed

Source

769c9ae7-73c3-4e47-ae19-903170fc3eb8

Severity

CVSSv3.1: 8.4 (HIGH)

Weaknesses

Type: Secondary
CWE-79
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	payara	payara	< 4.1.2.191.51	Yes
Application	payara	payara	< 5.68.0	Yes
Application	payara	payara	≤ 6.19.0	Yes
Application	payara	payara	< 6.2024.10	Yes

References

https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2024.10.html Release Notes (769c9ae7-73c3-4e47-ae19-903170fc3eb8)
https://docs.payara.fish/enterprise/docs/5.68.0/Release%20Notes/Release%20Notes%205.68.0.html Release Notes (769c9ae7-73c3-4e47-ae19-903170fc3eb8)
https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.19.0.html Release Notes (769c9ae7-73c3-4e47-ae19-903170fc3eb8)