CVE-2021-41381
50Vexday Risk Score
Patch soon. It has a working public exploit.
ssvc Attendepss 53%
from disclosure to weapon15 days
Published on NVDSep 23
1st PoC+15d
exploitation probability
53%top 1% of all CVEs
observed exploitation
nono source reports it
4 public exploit(s)
Payara Micro Community 5.2021.6 and below allows Directory Traversal.
Affected products
n/a · n/apublic PoCs found — 4
githubgithub.com/Net-hunter121/CVE-2021-41381★ 2cve_referencepacketstormsecurity.com/files/164365/Payara-Micro-Community-5.2021.6-Directory-Traversal.htmlunverifiedcve_referencepacketstormsecurity.com/files/169864/Payara-Platform-Path-Traversal.htmlunverifiedcve_referencewww.exploit-db.com/exploits/50371unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/164365/Payara-Micro-Community-5.2021.6-Directory-Traversal.htmlhttp://packetstormsecurity.com/files/169864/Payara-Platform-Path-Traversal.htmlhttp://seclists.org/fulldisclosure/2022/Nov/11https://github.com/Net-hunter121/CVE-2021-41381/blob/main/CVE:%202021-41381-POChttps://www.exploit-db.com/exploits/50371https://www.payara.fishhttps://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-054.txt