304 matches found
Remote Code Execution (RCE)
org.glassfish.main.orb: orb-connector is vulnerable to Remote Code Execution RCE. An attacker could exploit this vulnerability by sending a specially crafted RMI request to a vulnerable Glassfish server via access to insecure ORB listeners. The server would then execute the code contained in the...
SUSE CVE-2012-0551
Unspecified vulnerability in the Java Runtime Environment JRE in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and...
SUSE CVE-2012-3155
Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System Application Server 8.1 and 8.2 allows remote attackers to affect availability, related to CORBA ORB...
The vulnerability of the command-line interface (CLI) of the security management system FortiSIEM, which allows a attacker to gain unauthorized access to protected information
The vulnerability of the command-line interface CLI of the security management system FortiSIEM is related to deficiencies in authentication procedures and the use of default credentials when connecting to the Glassfish server. Exploiting this vulnerability can allow an attacker to gain...
CVE-2022-26119
A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...
CVE-2022-26119
A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...
Authentication flaw
A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...
CVE-2022-26119
Affected software : Fortinet FortiSIEM versions prior to 6.5.0. Vulnerability : Improper authentication allowing a local attacker with CLI access to perform operations on the Glassfish server via a hardcoded password. The root cause is hardcoded/default credentials used when connecting to Glassfi...
CVE-2022-26119
A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password...
PT-2022-5759 · Fortinet · Fortisiem
Name of the Vulnerable Software and Affected Versions: Fortinet FortiSIEM versions prior to 6.5.0 Description: The issue is related to improper authentication in Fortinet FortiSIEM, allowing a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded...
Earth Lusca Hackers Aimed at High-Value Targets in Government and Private Sectors
An elusive threat actor called Earth Lusca has been observed striking organizations across the world as part of what appears to be simultaneously an espionage campaign and an attempt to reap monetary profits. "The list of its victims includes high-value targets such as government and educational...
CVE-2021-3314
Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for...
CVE-2021-3314
Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for...
CVE-2021-3314
Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for...
CVE-2021-3314
CVE-2021-3314 affects Oracle GlassFish Server 3.1.2.18 and earlier. The vulnerability is a reflected XSS in the /common/logViewer/logViewer.jsf page, where an attacker can craft a URL that causes an administrator’s input to be reflected and executed by the browser. Root cause is improper handling...
Oracle GlassFish Server 跨站脚本漏洞
Oracle GlassFish Server is an application from Oracle Corporation.Oracle GlassFish Server is built using the GlassFish Server Open Source Edition to provide a flexible, lightweight, and production-ready Java EE 6 application server. Oracle GlassFish Server suffers from a cross-site scripting...
PT-2021-20055 · Oracle · Oracle Glassfish Server
Name of the Vulnerable Software and Affected Versions: Oracle GlassFish Server versions 3.1.2.18 and below Description: The issue allows a malicious user to cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the...
The vulnerability of the Java Server Faces component of the Oracle GlassFish Server software platform allows a perpetrator to gain unauthorized access to data.
The vulnerability of the Java Server Faces component of the Oracle GlassFish Server is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain unauthorized access to data using the HTTP protocol...
The vulnerability of the Administration component of the Oracle GlassFish Server allows a attacker to cause a service failure.
The vulnerability of the Administration component of Oracle GlassFish Server is related to insufficient access control. Exploiting this vulnerability could allow a malicious actor to cause service interruptions using the HTTP protocol...
The vulnerability of the Java Server Faces component of the Oracle GlassFish Server software platform allows attackers to modify sensitive information or cause service failures.
The vulnerability of the Java Server Faces component of the Oracle GlassFish Server software platform is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to modify protected information or cause service failures...