Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities found for Eclipse Glassfish by Eclipse Foundation
CVE-2024-9408 (GCVE-0-2024-9408)
Vulnerability from nvd – Published: 2025-07-16 11:15 – Updated: 2025-07-16 15:53
VLAI?
Summary
In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | Eclipse Glassfish |
Affected:
6.2.5
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9408",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-16T15:52:54.370122Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T15:53:13.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Eclipse Glassfish",
"vendor": "Eclipse Foundation",
"versions": [
{
"status": "affected",
"version": "6.2.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Mustafa G\u00dcNDO\u011eDU"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints."
}
],
"value": "In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T11:15:03.412Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/38"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-9408",
"datePublished": "2025-07-16T11:15:03.412Z",
"dateReserved": "2024-10-01T11:12:54.360Z",
"dateUpdated": "2025-07-16T15:53:13.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9343 (GCVE-0-2024-9343)
Vulnerability from nvd – Published: 2025-07-16 10:47 – Updated: 2025-07-16 14:39
VLAI?
Summary
In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting
attacks in the Administration Console.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | Eclipse Glassfish |
Affected:
7.0.15
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-16T14:28:22.278051Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T14:39:10.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Eclipse Glassfish",
"vendor": "Eclipse Foundation",
"versions": [
{
"status": "affected",
"version": "7.0.15"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Marco Ventura"
},
{
"lang": "en",
"type": "reporter",
"value": "Claudia Bartolini"
},
{
"lang": "en",
"type": "reporter",
"value": "Andrea Carlo Maria Dattola"
},
{
"lang": "en",
"type": "reporter",
"value": "Debora Esposito"
},
{
"lang": "en",
"type": "reporter",
"value": "Massimiliano Brolli"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting\nattacks in the Administration Console."
}
],
"value": "In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting\nattacks in the Administration Console."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:H/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T11:04:23.976Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/37"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-9343",
"datePublished": "2025-07-16T10:47:55.853Z",
"dateReserved": "2024-09-30T16:10:10.745Z",
"dateUpdated": "2025-07-16T14:39:10.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9342 (GCVE-0-2024-9342)
Vulnerability from nvd – Published: 2025-07-16 10:14 – Updated: 2025-07-16 14:39
VLAI?
Summary
In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts.
Severity ?
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | Eclipse Glassfish |
Affected:
7.0.16
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-16T14:28:27.927901Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T14:39:49.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Eclipse Glassfish",
"vendor": "Eclipse Foundation",
"versions": [
{
"status": "affected",
"version": "7.0.16"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Marco Ventura"
},
{
"lang": "en",
"type": "reporter",
"value": "Claudia Bartolini"
},
{
"lang": "en",
"type": "reporter",
"value": "Andrea Carlo Maria Dattola"
},
{
"lang": "en",
"type": "reporter",
"value": "Debora Esposito"
},
{
"lang": "en",
"type": "reporter",
"value": "Massimiliano Brolli"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts.\u003cbr\u003e"
}
],
"value": "In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T11:05:02.521Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/33"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-9342",
"datePublished": "2025-07-16T10:14:28.966Z",
"dateReserved": "2024-09-30T15:55:47.833Z",
"dateUpdated": "2025-07-16T14:39:49.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10032 (GCVE-0-2024-10032)
Vulnerability from nvd – Published: 2025-07-16 11:07 – Updated: 2025-07-16 14:38
VLAI?
Summary
In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting
attacks in the Administration Console.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | Eclipse Glassfish |
Affected:
7.0.15
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10032",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-16T14:27:50.255857Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T14:38:55.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Eclipse Glassfish",
"vendor": "Eclipse Foundation",
"versions": [
{
"status": "affected",
"version": "7.0.15"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Marco Ventura"
},
{
"lang": "en",
"type": "reporter",
"value": "Claudia Bartolini"
},
{
"lang": "en",
"type": "reporter",
"value": "Andrea Carlo Maria Dattola"
},
{
"lang": "en",
"type": "reporter",
"value": "Debora Esposito"
},
{
"lang": "en",
"type": "reporter",
"value": "Massimiliano Brolli"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting\nattacks in the Administration Console."
}
],
"value": "In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting\nattacks in the Administration Console."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:H/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T11:07:55.848Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/42"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-10032",
"datePublished": "2025-07-16T11:07:55.848Z",
"dateReserved": "2024-10-16T13:14:35.180Z",
"dateUpdated": "2025-07-16T14:38:55.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10031 (GCVE-0-2024-10031)
Vulnerability from nvd – Published: 2025-07-16 11:02 – Updated: 2025-07-16 14:38
VLAI?
Summary
In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting
attacks by modifying the configuration file in the underlying operating system.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | Eclipse Glassfish |
Affected:
7.0.15
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10031",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-16T14:28:02.452022Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T14:38:59.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Eclipse Glassfish",
"vendor": "Eclipse Foundation",
"versions": [
{
"status": "affected",
"version": "7.0.15"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Marco Ventura"
},
{
"lang": "en",
"type": "reporter",
"value": "Claudia Bartolini"
},
{
"lang": "en",
"type": "reporter",
"value": "Andrea Carlo Maria Dattola"
},
{
"lang": "en",
"type": "reporter",
"value": "Debora Esposito"
},
{
"lang": "en",
"type": "reporter",
"value": "Massimiliano Brolli"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting\nattacks by modifying the configuration file in the underlying operating system."
}
],
"value": "In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting\nattacks by modifying the configuration file in the underlying operating system."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:P/VC:L/VI:H/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T11:02:51.419Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/41"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-10031",
"datePublished": "2025-07-16T11:02:51.419Z",
"dateReserved": "2024-10-16T13:04:46.471Z",
"dateUpdated": "2025-07-16T14:38:59.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10029 (GCVE-0-2024-10029)
Vulnerability from nvd – Published: 2025-07-16 10:55 – Updated: 2025-07-16 14:39
VLAI?
Summary
In Eclipse GlassFish version 7.0.15 is possible to perform Reflected Cross-site scripting
attacks in the Administration Console.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | Eclipse Glassfish |
Affected:
7.0.15
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10029",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-16T14:28:13.911843Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T14:39:05.571Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Eclipse Glassfish",
"vendor": "Eclipse Foundation",
"versions": [
{
"status": "affected",
"version": "7.0.15"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Marco Ventura"
},
{
"lang": "en",
"type": "reporter",
"value": "Claudia Bartolini"
},
{
"lang": "en",
"type": "reporter",
"value": "Andrea Carlo Maria Dattola"
},
{
"lang": "en",
"type": "reporter",
"value": "Debora Esposito"
},
{
"lang": "en",
"type": "reporter",
"value": "Massimiliano Brolli"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse GlassFish version 7.0.15 is possible to perform Reflected Cross-site scripting\nattacks in the Administration Console.\u003cbr\u003e"
}
],
"value": "In Eclipse GlassFish version 7.0.15 is possible to perform Reflected Cross-site scripting\nattacks in the Administration Console."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T11:03:47.045Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/40"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-10029",
"datePublished": "2025-07-16T10:55:35.408Z",
"dateReserved": "2024-10-16T11:58:42.352Z",
"dateUpdated": "2025-07-16T14:39:05.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8646 (GCVE-0-2024-8646)
Vulnerability from nvd – Published: 2024-09-11 13:26 – Updated: 2024-09-11 13:40
VLAI?
Title
Eclipse Glassfish: URL redirection vulnerability to untrusted sites
Summary
In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed.
This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish.
This vulnerability only affects applications that are explicitly deployed to the root context ('/').
Severity ?
6.1 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | Eclipse Glassfish |
Affected:
5.1.0 , < 7.0.10
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T13:38:55.302469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T13:40:06.290Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2/",
"defaultStatus": "unaffected",
"packageName": "org.glassfish.main.distributions:glassfish",
"product": "Eclipse Glassfish",
"repo": "https://github.com/eclipse-ee4j/glassfish",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThan": "7.0.10",
"status": "affected",
"version": "5.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed.\nThis vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish.\nThis vulnerability only affects applications that are explicitly deployed to the root context (\u0027/\u0027)."
}
],
"value": "In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed.\nThis vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish.\nThis vulnerability only affects applications that are explicitly deployed to the root context (\u0027/\u0027)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T13:26:47.468Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/163"
},
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/34"
},
{
"url": "https://github.com/eclipse-ee4j/glassfish/pull/24655"
},
{
"url": "https://glassfish.org/download"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Eclipse Glassfish: URL redirection vulnerability to untrusted sites",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-8646",
"datePublished": "2024-09-11T13:26:47.468Z",
"dateReserved": "2024-09-10T08:33:09.749Z",
"dateUpdated": "2024-09-11T13:40:06.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9408 (GCVE-0-2024-9408)
Vulnerability from cvelistv5 – Published: 2025-07-16 11:15 – Updated: 2025-07-16 15:53
VLAI?
Summary
In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | Eclipse Glassfish |
Affected:
6.2.5
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9408",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-16T15:52:54.370122Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T15:53:13.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Eclipse Glassfish",
"vendor": "Eclipse Foundation",
"versions": [
{
"status": "affected",
"version": "6.2.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Mustafa G\u00dcNDO\u011eDU"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints."
}
],
"value": "In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T11:15:03.412Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/38"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-9408",
"datePublished": "2025-07-16T11:15:03.412Z",
"dateReserved": "2024-10-01T11:12:54.360Z",
"dateUpdated": "2025-07-16T15:53:13.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10032 (GCVE-0-2024-10032)
Vulnerability from cvelistv5 – Published: 2025-07-16 11:07 – Updated: 2025-07-16 14:38
VLAI?
Summary
In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting
attacks in the Administration Console.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | Eclipse Glassfish |
Affected:
7.0.15
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10032",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-16T14:27:50.255857Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T14:38:55.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Eclipse Glassfish",
"vendor": "Eclipse Foundation",
"versions": [
{
"status": "affected",
"version": "7.0.15"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Marco Ventura"
},
{
"lang": "en",
"type": "reporter",
"value": "Claudia Bartolini"
},
{
"lang": "en",
"type": "reporter",
"value": "Andrea Carlo Maria Dattola"
},
{
"lang": "en",
"type": "reporter",
"value": "Debora Esposito"
},
{
"lang": "en",
"type": "reporter",
"value": "Massimiliano Brolli"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting\nattacks in the Administration Console."
}
],
"value": "In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting\nattacks in the Administration Console."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:H/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T11:07:55.848Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/42"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-10032",
"datePublished": "2025-07-16T11:07:55.848Z",
"dateReserved": "2024-10-16T13:14:35.180Z",
"dateUpdated": "2025-07-16T14:38:55.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10031 (GCVE-0-2024-10031)
Vulnerability from cvelistv5 – Published: 2025-07-16 11:02 – Updated: 2025-07-16 14:38
VLAI?
Summary
In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting
attacks by modifying the configuration file in the underlying operating system.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | Eclipse Glassfish |
Affected:
7.0.15
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10031",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-16T14:28:02.452022Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T14:38:59.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Eclipse Glassfish",
"vendor": "Eclipse Foundation",
"versions": [
{
"status": "affected",
"version": "7.0.15"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Marco Ventura"
},
{
"lang": "en",
"type": "reporter",
"value": "Claudia Bartolini"
},
{
"lang": "en",
"type": "reporter",
"value": "Andrea Carlo Maria Dattola"
},
{
"lang": "en",
"type": "reporter",
"value": "Debora Esposito"
},
{
"lang": "en",
"type": "reporter",
"value": "Massimiliano Brolli"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting\nattacks by modifying the configuration file in the underlying operating system."
}
],
"value": "In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting\nattacks by modifying the configuration file in the underlying operating system."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:P/VC:L/VI:H/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T11:02:51.419Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/41"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-10031",
"datePublished": "2025-07-16T11:02:51.419Z",
"dateReserved": "2024-10-16T13:04:46.471Z",
"dateUpdated": "2025-07-16T14:38:59.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10029 (GCVE-0-2024-10029)
Vulnerability from cvelistv5 – Published: 2025-07-16 10:55 – Updated: 2025-07-16 14:39
VLAI?
Summary
In Eclipse GlassFish version 7.0.15 is possible to perform Reflected Cross-site scripting
attacks in the Administration Console.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | Eclipse Glassfish |
Affected:
7.0.15
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10029",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-16T14:28:13.911843Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T14:39:05.571Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Eclipse Glassfish",
"vendor": "Eclipse Foundation",
"versions": [
{
"status": "affected",
"version": "7.0.15"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Marco Ventura"
},
{
"lang": "en",
"type": "reporter",
"value": "Claudia Bartolini"
},
{
"lang": "en",
"type": "reporter",
"value": "Andrea Carlo Maria Dattola"
},
{
"lang": "en",
"type": "reporter",
"value": "Debora Esposito"
},
{
"lang": "en",
"type": "reporter",
"value": "Massimiliano Brolli"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse GlassFish version 7.0.15 is possible to perform Reflected Cross-site scripting\nattacks in the Administration Console.\u003cbr\u003e"
}
],
"value": "In Eclipse GlassFish version 7.0.15 is possible to perform Reflected Cross-site scripting\nattacks in the Administration Console."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T11:03:47.045Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/40"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-10029",
"datePublished": "2025-07-16T10:55:35.408Z",
"dateReserved": "2024-10-16T11:58:42.352Z",
"dateUpdated": "2025-07-16T14:39:05.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9343 (GCVE-0-2024-9343)
Vulnerability from cvelistv5 – Published: 2025-07-16 10:47 – Updated: 2025-07-16 14:39
VLAI?
Summary
In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting
attacks in the Administration Console.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | Eclipse Glassfish |
Affected:
7.0.15
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-16T14:28:22.278051Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T14:39:10.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Eclipse Glassfish",
"vendor": "Eclipse Foundation",
"versions": [
{
"status": "affected",
"version": "7.0.15"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Marco Ventura"
},
{
"lang": "en",
"type": "reporter",
"value": "Claudia Bartolini"
},
{
"lang": "en",
"type": "reporter",
"value": "Andrea Carlo Maria Dattola"
},
{
"lang": "en",
"type": "reporter",
"value": "Debora Esposito"
},
{
"lang": "en",
"type": "reporter",
"value": "Massimiliano Brolli"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting\nattacks in the Administration Console."
}
],
"value": "In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting\nattacks in the Administration Console."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:H/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T11:04:23.976Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/37"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-9343",
"datePublished": "2025-07-16T10:47:55.853Z",
"dateReserved": "2024-09-30T16:10:10.745Z",
"dateUpdated": "2025-07-16T14:39:10.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9342 (GCVE-0-2024-9342)
Vulnerability from cvelistv5 – Published: 2025-07-16 10:14 – Updated: 2025-07-16 14:39
VLAI?
Summary
In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts.
Severity ?
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | Eclipse Glassfish |
Affected:
7.0.16
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-16T14:28:27.927901Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T14:39:49.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Eclipse Glassfish",
"vendor": "Eclipse Foundation",
"versions": [
{
"status": "affected",
"version": "7.0.16"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Marco Ventura"
},
{
"lang": "en",
"type": "reporter",
"value": "Claudia Bartolini"
},
{
"lang": "en",
"type": "reporter",
"value": "Andrea Carlo Maria Dattola"
},
{
"lang": "en",
"type": "reporter",
"value": "Debora Esposito"
},
{
"lang": "en",
"type": "reporter",
"value": "Massimiliano Brolli"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts.\u003cbr\u003e"
}
],
"value": "In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T11:05:02.521Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/33"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-9342",
"datePublished": "2025-07-16T10:14:28.966Z",
"dateReserved": "2024-09-30T15:55:47.833Z",
"dateUpdated": "2025-07-16T14:39:49.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8646 (GCVE-0-2024-8646)
Vulnerability from cvelistv5 – Published: 2024-09-11 13:26 – Updated: 2024-09-11 13:40
VLAI?
Title
Eclipse Glassfish: URL redirection vulnerability to untrusted sites
Summary
In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed.
This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish.
This vulnerability only affects applications that are explicitly deployed to the root context ('/').
Severity ?
6.1 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | Eclipse Glassfish |
Affected:
5.1.0 , < 7.0.10
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T13:38:55.302469Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T13:40:06.290Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2/",
"defaultStatus": "unaffected",
"packageName": "org.glassfish.main.distributions:glassfish",
"product": "Eclipse Glassfish",
"repo": "https://github.com/eclipse-ee4j/glassfish",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThan": "7.0.10",
"status": "affected",
"version": "5.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed.\nThis vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish.\nThis vulnerability only affects applications that are explicitly deployed to the root context (\u0027/\u0027)."
}
],
"value": "In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed.\nThis vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish.\nThis vulnerability only affects applications that are explicitly deployed to the root context (\u0027/\u0027)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T13:26:47.468Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/163"
},
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/34"
},
{
"url": "https://github.com/eclipse-ee4j/glassfish/pull/24655"
},
{
"url": "https://glassfish.org/download"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Eclipse Glassfish: URL redirection vulnerability to untrusted sites",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-8646",
"datePublished": "2024-09-11T13:26:47.468Z",
"dateReserved": "2024-09-10T08:33:09.749Z",
"dateUpdated": "2024-09-11T13:40:06.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}