Payara Platform: URL Redirection to untrusted site using FORM authentication
CVE-2023-41699

6.1MEDIUM

Key Information:

Vendor: Payara Platform
Status: Payara Server, Micro And Embedded
Vendor: CVE Published:; 15 November 2023

🔔 Create Payara Platform Vulnerability Alert

What is CVE-2023-41699?

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries.This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.46, from 6.0.0 before 6.8.0, from 6.2023.1 before 6.2023.11.

Affected Version(s)

Payara Server, Micro and Embedded 5.0.0 < 5.57.0

Payara Server, Micro and Embedded 4.1.2.191 < 4.1.2.191.46

Payara Server, Micro and Embedded 6.0.0 < 6.8.0

References

https://docs.payara.fish/enterprise/docs/Release%20Notes/...

release-notes

https://docs.payara.fish/community/docs/Release%20Notes/R...

release-notes

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2023
Vulnerability Reserved
Aug 30, 2023

Credit

Hiroki Sawamura from Fujitsu