Payara Platform: URL Redirection to untrusted site using FORM authentication
CVE-2023-41699

6.1MEDIUM

Key Information:

Vendor: Payara Platform
Status: Payara Server, Micro And Embedded
Vendor: CVE Published:; 15 November 2023

🔔 Create Payara Platform Vulnerability Alert

What is CVE-2023-41699?

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries.This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.46, from 6.0.0 before 6.8.0, from 6.2023.1 before 6.2023.11.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Payara Server, Micro and Embedded 5.0.0 < 5.57.0

Payara Server, Micro and Embedded 4.1.2.191 < 4.1.2.191.46

Payara Server, Micro and Embedded 6.0.0 < 6.8.0

References

https://docs.payara.fish/enterprise/docs/Release%20Notes/...

release-notes

https://docs.payara.fish/community/docs/Release%20Notes/R...

release-notes

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 15, 2023
Vulnerability Reserved
Aug 30, 2023

Credit

Hiroki Sawamura from Fujitsu

JSON

Payara Platform