Lucene search
K

304 matches found

Veracode
Veracode
added 2023/11/06 7:7 a.m.19 views

Remote Code Execution (RCE)

org.glassfish.main.orb: orb-connector is vulnerable to Remote Code Execution RCE. An attacker could exploit this vulnerability by sending a specially crafted RMI request to a vulnerable Glassfish server via access to insecure ORB listeners. The server would then execute the code contained in the...

9.8CVSS8.1AI score0.0065EPSS
Exploits0References3Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:48 a.m.7 views

SUSE CVE-2012-0551

Unspecified vulnerability in the Java Runtime Environment JRE in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and...

5.8CVSS6.5AI score0.11515EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:46 a.m.4 views

SUSE CVE-2012-3155

Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System Application Server 8.1 and 8.2 allows remote attackers to affect availability, related to CORBA ORB...

5CVSS6.5AI score0.02531EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2022/12/07 12:0 a.m.4 views

The vulnerability of the command-line interface (CLI) of the security management system FortiSIEM, which allows a attacker to gain unauthorized access to protected information

The vulnerability of the command-line interface CLI of the security management system FortiSIEM is related to deficiencies in authentication procedures and the use of default credentials when connecting to the Glassfish server. Exploiting this vulnerability can allow an attacker to gain...

7.8CVSS7.2AI score0.00195EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/11/02 12:15 p.m.5 views

CVE-2022-26119

A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...

7.8CVSS5.8AI score0.00195EPSS
Exploits0References1
NVD
NVD
added 2022/11/02 12:15 p.m.21 views

CVE-2022-26119

A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...

7.8CVSS0.00195EPSS
Exploits0References1
Prion
Prion
added 2022/11/02 12:15 p.m.16 views

Authentication flaw

A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...

4.3CVSS7.4AI score0.00195EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/11/02 12:0 a.m.67 views

CVE-2022-26119

Affected software : Fortinet FortiSIEM versions prior to 6.5.0. Vulnerability : Improper authentication allowing a local attacker with CLI access to perform operations on the Glassfish server via a hardcoded password. The root cause is hardcoded/default credentials used when connecting to Glassfi...

7.8CVSS7.5AI score0.00195EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/02 12:0 a.m.11 views

CVE-2022-26119

A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...

7.8CVSS6.7AI score0.00195EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/01 12:0 a.m.4 views

PT-2022-5759 · Fortinet · Fortisiem

Name of the Vulnerable Software and Affected Versions: Fortinet FortiSIEM versions prior to 6.5.0 Description: The issue is related to improper authentication in Fortinet FortiSIEM, allowing a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded...

7.8CVSS7.6AI score0.00195EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2022/01/18 8:2 a.m.21 views

Earth Lusca Hackers Aimed at High-Value Targets in Government and Private Sectors

An elusive threat actor called Earth Lusca has been observed striking organizations across the world as part of what appears to be simultaneously an espionage campaign and an attempt to reap monetary profits. "The list of its victims includes high-value targets such as government and educational...

0.4AI score
Exploits0
OSV
OSV
added 2021/06/25 4:15 p.m.5 views

CVE-2021-3314

Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for...

6.1CVSS5.8AI score0.00926EPSS
Exploits1References2
NVD
NVD
added 2021/06/25 4:15 p.m.19 views

CVE-2021-3314

Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for...

6.1CVSS0.00926EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2021/06/25 3:16 p.m.13 views

CVE-2021-3314

Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for...

6.6AI score0.00926EPSS
Exploits1References2
CVE
CVE
added 2021/06/25 3:16 p.m.129 views

CVE-2021-3314

CVE-2021-3314 affects Oracle GlassFish Server 3.1.2.18 and earlier. The vulnerability is a reflected XSS in the /common/logViewer/logViewer.jsf page, where an attacker can craft a URL that causes an administrator’s input to be reflected and executed by the browser. Root cause is improper handling...

6.1CVSS6AI score0.00926EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2021/06/25 12:0 a.m.3 views

Oracle GlassFish Server 跨站脚本漏洞

Oracle GlassFish Server is an application from Oracle Corporation.Oracle GlassFish Server is built using the GlassFish Server Open Source Edition to provide a flexible, lightweight, and production-ready Java EE 6 application server. Oracle GlassFish Server suffers from a cross-site scripting...

6.1CVSS5.9AI score0.00926EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2021/06/25 12:0 a.m.5 views

PT-2021-20055 · Oracle · Oracle Glassfish Server

Name of the Vulnerable Software and Affected Versions: Oracle GlassFish Server versions 3.1.2.18 and below Description: The issue allows a malicious user to cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the...

6.1CVSS6.4AI score0.00926EPSS
Exploits1References8
BDU FSTEC
BDU FSTEC
added 2019/02/15 12:0 a.m.4 views

The vulnerability of the Java Server Faces component of the Oracle GlassFish Server software platform allows a perpetrator to gain unauthorized access to data.

The vulnerability of the Java Server Faces component of the Oracle GlassFish Server is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain unauthorized access to data using the HTTP protocol...

5.3CVSS6.3AI score0.01657EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/01/30 12:0 a.m.5 views

The vulnerability of the Administration component of the Oracle GlassFish Server allows a attacker to cause a service failure.

The vulnerability of the Administration component of Oracle GlassFish Server is related to insufficient access control. Exploiting this vulnerability could allow a malicious actor to cause service interruptions using the HTTP protocol...

7.8CVSS7.2AI score0.02025EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/01/23 12:0 a.m.5 views

The vulnerability of the Java Server Faces component of the Oracle GlassFish Server software platform allows attackers to modify sensitive information or cause service failures.

The vulnerability of the Java Server Faces component of the Oracle GlassFish Server software platform is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to modify protected information or cause service failures...

9.7CVSS7.5AI score0.01902EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder