CVE-2022-37422: Path Traversal
First published: Thu Aug 18 2022(Updated: )
Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Payara Payara | <4.1.2.191.36 | |
| Payara Payara | <5.2022.3 | |
| Payara Payara | >=5.0.0<5.42.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-37422?
CVE-2022-37422 is a vulnerability in Payara Server, Payara Micro, and Payara Server Embedded that allows directory traversal without authentication.
Which versions of Payara are affected by CVE-2022-37422?
CVE-2022-37422 affects Payara versions 4.1.2.191.36 up to, but not including, 5.2022.3 for the community edition, and affects versions 5.0.0 up to, but not including, 5.42.0 for the enterprise edition.
What is the severity of CVE-2022-37422?
The severity of CVE-2022-37422 is high with a CVSS score of 7.5.
How can I fix CVE-2022-37422?
To fix CVE-2022-37422, update to Payara version 5.2022.3 for the community edition or version 5.42.0 for the enterprise edition.
Where can I find more information about CVE-2022-37422?
You can find more information about CVE-2022-37422 on the Payara blog and the Payara downloads page.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- vendor/payara
- canonical/payara payara
- version/payara payara/5.0.0