glassfish · threatengine.sh

CVE-2024-9408

all versions

In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints.

9.8CRITICAL

CVE-2024-9343

all versions

In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting attacks in the Administration Console.

6.1MEDIUM

CVE-2024-9342

all versions

In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no limitation in th

9.8CRITICAL

CVE-2024-10032

all versions

In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting attacks in the Administration Console.

5.4MEDIUM

CVE-2024-10031

all versions

In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file

5.4MEDIUM

CVE-2024-10029

all versions

In Eclipse GlassFish version 7.0.15 is possible to perform Reflected Cross-site scripting attacks in the Administration Console.

6.1MEDIUM

CVE-2024-9329

< 7.0.17

In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified

6.1MEDIUM

CVE-2024-8646

>= 5.1.0 and < 7.0.10

In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is c

6.1MEDIUM

CVE-2023-5763

>= 5.0.0 and <= 6.2.5

In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers

6.8MEDIUM

CVE-2022-2712

>= 5.1.0 and <= 6.2.5

In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter reque

6.5MEDIUM

eclipse glassfish