CVE-2023-41699 MEDIUM

CVE-2023-41699: Payara Platform: URL Redirection to untrusted site using FORM authentication

Vendor Payara Platform

Product Payara Server, Micro and Embedded

Weakness CWE-601 · Open redirect

Published November 15, 2023

Last update August 29, 2024

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries.This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.46, from 6.0.0 before 6.8.0, from 6.2023.1 before 6.2023.11.

Key dates

02Disclosure timeline

November 15, 2023 CVE published

August 29, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-41699 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/601.html

Related vulnerabilities

Identifiers

CVE CVE-2023-41699

CWE CWE-601

CVSS 6.1 / MEDIUM

Affected versions

Vendor Payara Platform

Product Payara Server, Micro and Embedded

Affected ≥ 5.0.0 and < 5.57.0

Vendor Payara Platform

Product Payara Server, Micro and Embedded

Affected ≥ 4.1.2.191 and < 4.1.2.191.46

Vendor Payara Platform

Product Payara Server, Micro and Embedded

Affected ≥ 6.0.0 and < 6.8.0

Vendor Payara Platform

Product Payara Server, Micro and Embedded

Affected ≥ 6.2023.1 and < 6.2023.11

CVE-2023-41699: Payara Platform: URL Redirection to untrusted site using FORM authentication

01Description

02Disclosure timeline

03References

04Related CVE