CVE-2022-37422
HIGHPayara < 4.1.2.191.36 - Path Traversal
Title source: ruleDescription
Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded.
Exploits (1)
nomisec
WRITEUP
by shoucheng3 · poc
https://github.com/shoucheng3/payara__Payara_CVE-2022-37422_5-2022-2
Scores
CVSS v3
7.5
EPSS
0.0045
EPSS Percentile
63.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (3)
fish.payara.api/payara-bom
0 - 5.2022.3Maven
payara/payara
< 4.1.2.191.36
payara/payara
< 5.2022.3
Published
Aug 18, 2022
Tracked Since
Feb 18, 2026