CVE-2024-9342

EPSS 0.40%

Eclipse GlassFish is vulnerable to Login Brute Force attacks through unlimited failed login attempts

發布日:2025/7/16修改日:2025/7/18

描述

In Eclipse GlassFish version 7.0.16 or earlier, it is possible to perform login brute force attacks as there is no limitation on the number of failed login attempts.

受影響套件(1)

Maven/org.glassfish.main.admingui:console-commonfrom 0, <= 7.0.25

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 4.0	—	CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-9342
PATCHhttps://github.com/eclipse-ee4j/glassfish
WEBhttps://gitlab.eclipse.org/security/cve-assignement/-/issues/33
WEBhttps://gitlab.eclipse.org/security/vulnerability-reports/-/issues/231