Description

A path traversal vulnerability in Payara Micro allows an unauthenticated attacker to retrieve arbitrary files within the web application archive(.war).

Remediation

Upgrade to the latest version of Payara Micro

References

CVE-2021-41381

Related Vulnerabilities

WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner Directory Traversal (3.1.4)

WordPress Plugin Doneren met Mollie Information Disclosure (2.8.4)

WordPress Plugin Wholesale Market Arbitrary File Download (2.2.0)

Stack Trace Disclosure (CherryPy)

VMware Horizon Log4Shell RCE

Severity

Medium

Classification

CVE-2021-41381 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal Information Disclosure