{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-18T18:02:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.payara.fish/downloads/"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.payara.fish/august-community-5-release"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-37422", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.payara.fish/downloads/", "refsource": "MISC", "url": "https://www.payara.fish/downloads/"}, {"name": "https://blog.payara.fish/august-community-5-release", "refsource": "MISC", "url": "https://blog.payara.fish/august-community-5-release"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:29:20.971Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.payara.fish/downloads/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.payara.fish/august-community-5-release"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-37422", "datePublished": "2022-08-18T18:02:01", "dateReserved": "2022-08-05T00:00:00", "dateUpdated": "2024-08-03T10:29:20.971Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:payara:payara:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "DD6C9BF7-1CEC-4052-81A1-8D2C2269AC9B", "versionEndExcluding": "4.1.2.191.36", "vulnerable": true}, {"criteria": "cpe:2.3:a:payara:payara:*:*:*:*:community:*:*:*", "matchCriteriaId": "2D7EDD1C-D206-43E7-BBC3-2A51983808C8", "versionEndExcluding": "5.2022.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:payara:payara:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "7492FF19-9131-4230-ADD9-997E6A80354B", "versionEndExcluding": "5.42.0", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded."}, {"lang": "es", "value": "Payara versiones hasta 5.2022.2, permite un salto de directorio sin autenticaci\u00f3n. Esto afecta a Payara Server, Payara Micro y Payara Server Embedded."}], "id": "CVE-2022-37422", "lastModified": "2022-08-20T01:56:42.163", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-18T19:15:14.663", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://blog.payara.fish/august-community-5-release"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.payara.fish/downloads/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "payara: directory traversal without authentication", "id": "2119821", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2119821"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-22", "details": ["Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded.", "A security vulnerability was found in payara. This flaw allows an attacker to perform a directory traversal without authentication."], "name": "CVE-2022-37422", "package_state": [{"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Out of support scope", "package_name": "payara", "product_name": "Red Hat JBoss Data Grid 7"}], "public_date": "2022-08-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-37422\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-37422"], "threat_severity": "Moderate"}