MEDIUM🇵🇱 Wersja polska

CVE-2024-9342

CVSS 6.3v4.0pub. 2025-07-16upd. 2026-06-18

In Eclipse GlassFish versions before 8.0.3 it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts. GlassFish 8.0.3 adds automatic attack protection documented in https://glassfish.org/docs/latest/security-guide.html#brute-force-attack-protection .

CVSS Vector
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Eclipse Glassfish

    APP
    Eclipse
    7.0.16
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-2587CRITICAL9.6ten sam produkt

A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mech...

CVE-2026-2586CRITICAL9.1ten sam produkt

An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Consol...

CVE-2024-9408HIGH8.9ten sam produkt

In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in spe...

CVE-2024-10029MEDIUM4.5ten sam produkt

In Eclipse GlassFish version 7.0.15 is possible to perform Reflected Cross-site scripting attacks in the Admin...

CVE-2024-10032MEDIUM6.1ten sam produkt

In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting attacks in the Administ...