CVE-2024-9342

EPSS 0.40%

Eclipse GlassFish is vulnerable to Login Brute Force attacks through unlimited failed login attempts

Published: 7/16/2025Modified: 7/18/2025

Description

In Eclipse GlassFish version 7.0.16 or earlier, it is possible to perform login brute force attacks as there is no limitation on the number of failed login attempts.

Affected packages (1)

Maven/org.glassfish.main.admingui:console-commonfrom 0, <= 7.0.25

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-9342
PATCHhttps://github.com/eclipse-ee4j/glassfish
WEBhttps://gitlab.eclipse.org/security/cve-assignement/-/issues/33
WEBhttps://gitlab.eclipse.org/security/vulnerability-reports/-/issues/231