Oracle GlassFish versions 2.1.1.x prior to 2.1.1.30, 3.0.1.x prior to 3.0.1.15, and 3.1.2.x prior to 3.1.2.16 are affected by the following vulnerabilities :
- An unspecified flaw exists related to the Security subcomponent. This may allow a remote attacker to potentially execute arbitrary code. No further details have been provided by the vendor. (CVE-2016-5528)
- An unspecified flaw exists related to the Administration subcomponent. This may allow a local attacker to gain access to potentially sensitive information. No further details have been provided by the vendor. (CVE-2017-3239)
- An unspecified flaw exists related to the Core subcomponent. This may allow a context-dependent attacker to have an impact on integrity. No further details have been provided by the vendor. (CVE-2017-3247)
- An unspecified flaw exists related to the Security subcomponent. This may allow a remote attacker to have an impact on confidentiality, integrity, and availability. No further details have been provided by the vendor. (CVE-2017-3249)
- An unspecified flaw exists related to the Security subcomponent. This may allow a remote attacker to have an impact on confidentiality, integrity, and availability. No further details have been provided by the vendor. (CVE-2017-3250)