Skip to main content

Glassfish

4 CVEs product

Monthly

CVE-2024-9342 Maven MEDIUM This Month

In Eclipse GlassFish versions before 8.0.3 it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Glassfish
NVD VulDB
CVSS 4.0
6.3
EPSS
0.4%
CVE-2024-9329 Maven MEDIUM POC PATCH This Month

In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Glassfish
NVD GitHub
CVSS 4.0
6.9
EPSS
0.7%
CVE-2024-8646 Maven MEDIUM PATCH This Month

In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Apache Open Redirect Glassfish
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-5763 Maven CRITICAL PATCH Act Now

In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Glassfish
NVD
CVSS 3.1
9.8
EPSS
0.7%
EPSS 0% CVSS 6.3
MEDIUM This Month

In Eclipse GlassFish versions before 8.0.3 it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Glassfish
NVD VulDB
EPSS 1% CVSS 6.9
MEDIUM POC PATCH This Month

In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Glassfish
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Apache Open Redirect Glassfish
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Glassfish
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy