Lucene search

Veracode Vulnerability DatabaseVERACODE:44148

HistoryNov 06, 2023 - 7:07 a.m.

Remote Code Execution (RCE)

2023-11-0607:07:01

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

glassfish server

rce

orb listeners

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.9%

JSON

org.glassfish.main.orb: orb-connector is vulnerable to Remote Code Execution (RCE). An attacker could exploit this vulnerability by sending a specially crafted RMI request to a vulnerable Glassfish server via access to insecure ORB listeners. The server would then execute the code contained in the request, which could allow the attacker to take control of the server. Note that this vulnerability is only exploitable when a JDK lower than 6u211, or < 7u201, or < 8u191 is in use.

CPENameOperatorVersion
glassfish orb connector implementationle7.0.0-M10
glassfish orb connector implementationle7.0.0-M10

CPE	Name	Operator	Version
	glassfish orb connector implementation	le	7.0.0-M10
	glassfish orb connector implementation	le	7.0.0-M10

References

github.com/advisories/GHSA-2mw4-wj8c-7f93

gitlab.eclipse.org/security/cve-assignement/-/issues/14

glassfish.org/docs/latest/security-guide.html#securing-glassfish-server

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

46.9%

JSON

Related for VERACODE:44148