Lucene search

GitHub Advisory DatabaseGHSA-2MW4-WJ8C-7F93

HistoryNov 03, 2023 - 9:32 a.m.

Eclipse Glassfish remote code execution issue

2023-11-0309:32:49

CWE-20

CWE-913

GitHub Advisory Database

github.com

eclipse glassfish

remote code execution

jdk vulnerability

insecure orb listeners

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.9%

JSON

In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.

Affected configurations

Vulners

Node

org.glassfish.main.orb\orbMatchconnector

CPENameOperatorVersion
org.glassfish.main.orb:orb-connectorge5.0.0
org.glassfish.main.orb:orb-connectorlt7.0.0

CPE	Name	Operator	Version
	org.glassfish.main.orb:orb-connector	ge	5.0.0
	org.glassfish.main.orb:orb-connector	lt	7.0.0

References

github.com/advisories/GHSA-2mw4-wj8c-7f93

gitlab.eclipse.org/security/cve-assignement/-/issues/14

glassfish.org/docs/latest/security-guide.html#securing-glassfish-server

nvd.nist.gov/vuln/detail/CVE-2023-5763

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.9%

JSON

Related for GHSA-2MW4-WJ8C-7F93