CVE-2025-14340
Admin Account Takeover via malicious URL payload
Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Payload.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/S:P/AU:N/R:U/RE:M/U:Red
Productos afectados
Payara Platform · Payara Server¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →