CVE-2024-8215: 
Payara Micro vulnerability analysis and mitigation

A Cross-site Scripting (XSS) vulnerability has been identified in Payara Platform Payara Server's Admin Console modules, tracked as CVE-2024-8215. The vulnerability was discovered and affects multiple versions of Payara Server: versions 5.20.0 to 5.68.0, 6.0.0 to 6.19.0, 6.2022.1 to 6.2024.10, and 4.1.2.191.1 to 4.1.2.191.51 (NVD).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) issue that allows Remote Code Inclusion. The severity assessment according to different scoring systems shows its critical nature: CVSS v4.0 score of 8.7 (HIGH) with vector string CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H, and CVSS v3.1 score of 8.4 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H (NVD).

The vulnerability can potentially lead to high impacts across multiple security aspects including confidentiality, integrity, and availability. The CVSS scores indicate that successful exploitation could result in significant consequences for affected systems, particularly concerning the security of the Admin Console modules (NVD).

Users are advised to upgrade to the fixed versions: Payara Server 5.68.0, 6.19.0, 6.2024.10, or 4.1.2.191.51, depending on their current version track (Payara Release Notes).