In Eclipse GlassFish versions before 8.0.3 it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts. GlassFish 8.0.3 adds automatic attack protection documented in https://glassfish.org/docs/latest/security-guide.html#brute-force-attack-protection .
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XEclipse Glassfish
APPEclipse7.0.16
Related vulnerabilities
A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mech...
An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Consol...
In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in spe...
In Eclipse GlassFish version 7.0.15 is possible to perform Reflected Cross-site scripting attacks in the Admin...
In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting attacks in the Administ...