MEDIUM🇬🇧 English

CVE-2024-9342

CVSS 6.3v4.0pub. 2025-07-16upd. 2026-06-18

In Eclipse GlassFish versions before 8.0.3 it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts. GlassFish 8.0.3 adds automatic attack protection documented in https://glassfish.org/docs/latest/security-guide.html#brute-force-attack-protection .

oryginał EN
CVSS Vector
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Eclipse Glassfish

    APP
    Eclipse
    7.0.16
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-2587CRITICAL9.6ten sam produkt

A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mech...

CVE-2026-2586CRITICAL9.1ten sam produkt

An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Consol...

CVE-2024-9408HIGH8.9ten sam produkt

In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in spe...

CVE-2024-10029MEDIUM4.5ten sam produkt

In Eclipse GlassFish version 7.0.15 is possible to perform Reflected Cross-site scripting attacks in the Admin...

CVE-2024-10032MEDIUM6.1ten sam produkt

In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting attacks in the Administ...