Every CVE whose affected-product data names Eclipse Glassfish, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2024-9342 — CVSS 9.8 (critical): In Eclipse GlassFish versions before 8.0.3 it is possible to perform Login Brute Force attacks as there is no limitation in the number of…
CVE-2024-9408 — CVSS 9.8 (critical): In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints.
CVE-2026-2587 — CVSS 9.6 (critical): A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the Glassfish…
CVE-2026-2586 — CVSS 9.1 (critical): An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the…
CVE-2023-5763 — CVSS 6.8 (medium): In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load…
CVE-2022-2712 — CVSS 6.5 (medium): In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path…
CVE-2024-9329 — CVSS 6.1 (medium): In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when…
CVE-2024-8646 — CVSS 6.1 (medium): In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by…
CVE-2024-9343 — CVSS 6.1 (medium): In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting attacks in the Administration Console.
CVE-2024-10029 — CVSS 6.1 (medium): In Eclipse GlassFish version 7.0.15 is possible to perform Reflected Cross-site scripting attacks in the Administration Console.
CVE-2024-10032 — CVSS 5.4 (medium): In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting attacks in the Administration Console.
CVE-2024-10031 — CVSS 5.4 (medium): In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the…