Lucene search
K
EclipseGlassfish

12 matches found

CVE
CVE
added 2023/01/27 12:0 a.m.89 views

CVE-2022-2712

Vulnerability: CVE-2022-2712 affects Eclipse GlassFish 5.1.0–6.2.5. Root cause is a relative path traversal flaw that fails to filter request paths starting with './'. Impact stated: remote unauthenticated attacker could access critical data (e.g., configuration files and deployed application sou...

7.5CVSS7.4AI score0.00927EPSS
CVE
CVE
added 2023/11/03 6:40 a.m.78 views

CVE-2023-5763

CVE-2023-5763 affects Eclipse Glassfish 5 and 6 when running on older JDKs (below 6u211, 7u201, or 8u191). The issue enables remote code loading via insecure ORB listeners, with Veracode describing RCE via specially crafted RMI requests to a vulnerable Glassfish server. The root cause is the use ...

9.8CVSS8.1AI score0.0065EPSS
CVE
CVE
added 2024/09/11 1:26 p.m.72 views

CVE-2024-8646

CVE-2024-8646 — Eclipse GlassFish prior to 7.0.10 suffers a URL redirection vulnerability to untrusted sites. The flaw stems from CVE-2023-41080 embedded in the Apache code used by GlassFish and only affects applications deployed to the root context ‘/’. Public details in the connected documents ...

6.1CVSS6.6AI score0.00363EPSS
CVE
CVE
added 2024/09/30 7:11 a.m.59 views

CVE-2024-9329

CVE-2024-9329 affects Eclipse GlassFish prior to 7.0.17. The Host HTTP parameter at the /management/domain endpoint can cause the web application to redirect to an attacker‑controlled URL, enabling phishing and potential credential theft. The reports indicate an Open Redirect risk tied to this pa...

6.9CVSS6.2AI score0.00679EPSS
Web
CVE
CVE
added 2026/05/19 2:3 p.m.46 views

CVE-2026-2587

CVE-2026-2587 describes a critical RCE in the server-side template rendering used by the Glassfish gadget handler. The flaw arises when processing .xml files, evaluating user-supplied values as Expression Language (EL) expressions without proper sanitization, e.g., #{7*7}, enabling server-side EL...

9.6CVSS6.2AI score0.00628EPSS
Web
CVE
CVE
added 2026/05/19 2:12 p.m.44 views

CVE-2026-2586

CVE-2026-2586: An authenticated RCE in GlassFish Administration Console. A user with console access can send crafted requests to execute arbitrary OS commands with the privileges of the application service user. Affected: GlassFish Admin Console. Impact (per provided metrics): high confidentialit...

9.1CVSS6.2AI score0.00819EPSS
CVE
CVE
added 2025/07/16 10:55 a.m.33 views

CVE-2024-10029

CVE-2024-10029 affects Eclipse GlassFish 7.0.15, enabling Reflected XSS in the Administration Console. The vulnerability targets the Admin Console UI (org.glassfish.main.admingui:console-cluster-plugin/console-common) and can be exploited via crafted links to execute scripts in a user’s browser. ...

6.1CVSS6.6AI score0.00198EPSS
CVE
CVE
added 2025/07/16 11:15 a.m.31 views

CVE-2024-9408

Eclipse GlassFish 6.2.5 and later is affected by an SSRF vulnerability in specific endpoints due to insufficient validation of user-supplied URLs. The issue allows the server to initiate arbitrary network requests to internal or external resources. Public sources (including NVD, Red Hat, Veracode...

9.8CVSS6.6AI score0.0029EPSS
CVE
CVE
added 2025/07/16 11:7 a.m.29 views

CVE-2024-10032

CVE-2024-10032 affects Eclipse GlassFish 7.0.15, enabling Stored XSS attacks via the Administration Console. The issue targets the console-administration UI (org.glassfish.main.admingui:console-cluster-plugin) and is described across multiple sources (NVD/Red Hat/OSV/GHSA). The connected data con...

6.1CVSS6.4AI score0.00205EPSS
CVE
CVE
added 2025/07/16 11:2 a.m.25 views

CVE-2024-10031

CVE-2024-10031 describes a Stored Cross-site Scripting (XSS) vulnerability in Eclipse GlassFish 7.0.15 triggered by modifying the underlying OS configuration file. Connected sources consistently report this stored XSS vector affecting GlassFish 7.0.15, with the underlying issue tied to configurat...

5.8CVSS6.4AI score0.00161EPSS
CVE
CVE
added 2025/07/16 10:47 a.m.24 views

CVE-2024-9343

CVE-2024-9343 refers to a Stored XSS vulnerability in Eclipse GlassFish 7.0.15, exposed via the Administration Console. The issue affects the GlassFish admin UI (console-common/admingui) and can allow an attacker to inject scripts that run in a user’s browser when interacting with the console. Te...

6.1CVSS6.4AI score0.00219EPSS
CVE
CVE
added 2025/07/16 10:14 a.m.23 views

CVE-2024-9342

Affected software: Eclipse GlassFish 7.0.16 and earlier. The issue is unlimited failed login attempts, enabling brute-force login; impact per sources includes potential unauthorized access. CVSS metrics in the initial document show high impact confidentiality, integrity, availability with network...

9.8CVSS5.2AI score0.00403EPSS