Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Glassfish by Eclipse Foundation

    CVE-2024-9329 (GCVE-0-2024-9329)

    Vulnerability from nvd – Published: 2024-09-30 07:11 – Updated: 2024-10-07 15:59
    VLAI
    Title
    Glassfish redirect to untrusted site
    Summary
    In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-233 - Improper Handling of Parameters
    Assigner
    Impacted products
    Vendor Product Version
    Eclipse Foundation Glassfish Affected: 5.1.0 , ≤ 7.0.16 (semver)
    Create a notification for this product.
    eclipse_foundation glassfish Affected: 5.1.0 , ≤ 7.0.16 (semver)
        cpe:2.3:a:eclipse_foundation:glassfish:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Marco Ventura (redteam https://www.gruppotim.it/it/footer/red-team.html) Claudia Bartolini (redteam https://www.gruppotim.it/it/footer/red-team.html) Andrea Carlo Maria Dattola (redteam https://www.gruppotim.it/it/footer/red-team.html) Debora Esposito (redteam https://www.gruppotim.it/it/footer/red-team.html) Massimiliano Brolli (redteam https://www.gruppotim.it/it/footer/red-team.html)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:eclipse_foundation:glassfish:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "glassfish",
                "vendor": "eclipse_foundation",
                "versions": [
                  {
                    "lessThanOrEqual": "7.0.16",
                    "status": "affected",
                    "version": "5.1.0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9329",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-30T17:02:00.550829Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-30T17:03:26.168Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-10-07T15:59:12.662Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.gruppotim.it/it/footer/red-team.html"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Glassfish",
              "vendor": "Eclipse Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.16",
                  "status": "affected",
                  "version": "5.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Marco Ventura (redteam https://www.gruppotim.it/it/footer/red-team.html)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Claudia Bartolini  (redteam https://www.gruppotim.it/it/footer/red-team.html)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Andrea Carlo Maria Dattola  (redteam https://www.gruppotim.it/it/footer/red-team.html)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Debora Esposito  (redteam https://www.gruppotim.it/it/footer/red-team.html)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Massimiliano Brolli  (redteam https://www.gruppotim.it/it/footer/red-team.html)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is \u0027/management/domain\u0027. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.\u003cbr\u003e"
                }
              ],
              "value": "In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is \u0027/management/domain\u0027. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-233",
                  "description": "CWE-233  Improper Handling of Parameters",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-30T07:11:53.688Z",
            "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
            "shortName": "eclipse"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/eclipse-ee4j/glassfish/pull/25106"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/232"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Glassfish redirect to untrusted site",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "assignerShortName": "eclipse",
        "cveId": "CVE-2024-9329",
        "datePublished": "2024-09-30T07:11:53.688Z",
        "dateReserved": "2024-09-29T16:38:56.846Z",
        "dateUpdated": "2024-10-07T15:59:12.662Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5763 (GCVE-0-2023-5763)

    Vulnerability from nvd – Published: 2023-11-03 06:40 – Updated: 2024-09-05 19:04
    VLAI
    Title
    Glassfish remote code execution
    Summary
    In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-913 - Improper Control of Dynamically-Managed Code Resources
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Eclipse Foundation Glassfish Affected: 6.0.0 , ≤ 6.2.5 (semver)
    Affected: 5.0 , ≤ 5.1 (semver)
    Create a notification for this product.
    Credits
    tr1ple kurosel (AntGroup FG)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:07:32.848Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://glassfish.org/docs/latest/security-guide.html#securing-glassfish-server"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/14"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5763",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-05T18:52:07.586018Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-05T19:04:31.768Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Glassfish",
              "vendor": "Eclipse Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "6.2.5",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.1",
                  "status": "affected",
                  "version": "5.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Running with older versions of the JDK (lower than 6u211, or \u0026lt; 7u201, or \u0026lt; 8u191)\u003cbr\u003e"
                }
              ],
              "value": "Running with older versions of the JDK (lower than 6u211, or \u003c 7u201, or \u003c 8u191)\n"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "tr1ple kurosel (AntGroup FG)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or \u0026lt; 7u201, or \u0026lt; 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.\u003cbr\u003e"
                }
              ],
              "value": "In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or \u003c 7u201, or \u003c 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63: Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-913",
                  "description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-03T06:40:43.441Z",
            "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
            "shortName": "eclipse"
          },
          "references": [
            {
              "url": "https://glassfish.org/docs/latest/security-guide.html#securing-glassfish-server"
            },
            {
              "url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/14"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Glassfish remote code execution",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "assignerShortName": "eclipse",
        "cveId": "CVE-2023-5763",
        "datePublished": "2023-11-03T06:40:43.441Z",
        "dateReserved": "2023-10-25T04:59:21.006Z",
        "dateUpdated": "2024-09-05T19:04:31.768Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-9329 (GCVE-0-2024-9329)

    Vulnerability from cvelistv5 – Published: 2024-09-30 07:11 – Updated: 2024-10-07 15:59
    VLAI
    Title
    Glassfish redirect to untrusted site
    Summary
    In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-233 - Improper Handling of Parameters
    Assigner
    Impacted products
    Vendor Product Version
    Eclipse Foundation Glassfish Affected: 5.1.0 , ≤ 7.0.16 (semver)
    Create a notification for this product.
    eclipse_foundation glassfish Affected: 5.1.0 , ≤ 7.0.16 (semver)
        cpe:2.3:a:eclipse_foundation:glassfish:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Marco Ventura (redteam https://www.gruppotim.it/it/footer/red-team.html) Claudia Bartolini (redteam https://www.gruppotim.it/it/footer/red-team.html) Andrea Carlo Maria Dattola (redteam https://www.gruppotim.it/it/footer/red-team.html) Debora Esposito (redteam https://www.gruppotim.it/it/footer/red-team.html) Massimiliano Brolli (redteam https://www.gruppotim.it/it/footer/red-team.html)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:eclipse_foundation:glassfish:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "glassfish",
                "vendor": "eclipse_foundation",
                "versions": [
                  {
                    "lessThanOrEqual": "7.0.16",
                    "status": "affected",
                    "version": "5.1.0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9329",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-30T17:02:00.550829Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-30T17:03:26.168Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-10-07T15:59:12.662Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.gruppotim.it/it/footer/red-team.html"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Glassfish",
              "vendor": "Eclipse Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "7.0.16",
                  "status": "affected",
                  "version": "5.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Marco Ventura (redteam https://www.gruppotim.it/it/footer/red-team.html)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Claudia Bartolini  (redteam https://www.gruppotim.it/it/footer/red-team.html)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Andrea Carlo Maria Dattola  (redteam https://www.gruppotim.it/it/footer/red-team.html)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Debora Esposito  (redteam https://www.gruppotim.it/it/footer/red-team.html)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Massimiliano Brolli  (redteam https://www.gruppotim.it/it/footer/red-team.html)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is \u0027/management/domain\u0027. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.\u003cbr\u003e"
                }
              ],
              "value": "In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is \u0027/management/domain\u0027. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-233",
                  "description": "CWE-233  Improper Handling of Parameters",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-30T07:11:53.688Z",
            "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
            "shortName": "eclipse"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/eclipse-ee4j/glassfish/pull/25106"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/232"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Glassfish redirect to untrusted site",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "assignerShortName": "eclipse",
        "cveId": "CVE-2024-9329",
        "datePublished": "2024-09-30T07:11:53.688Z",
        "dateReserved": "2024-09-29T16:38:56.846Z",
        "dateUpdated": "2024-10-07T15:59:12.662Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5763 (GCVE-0-2023-5763)

    Vulnerability from cvelistv5 – Published: 2023-11-03 06:40 – Updated: 2024-09-05 19:04
    VLAI
    Title
    Glassfish remote code execution
    Summary
    In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-913 - Improper Control of Dynamically-Managed Code Resources
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Eclipse Foundation Glassfish Affected: 6.0.0 , ≤ 6.2.5 (semver)
    Affected: 5.0 , ≤ 5.1 (semver)
    Create a notification for this product.
    Credits
    tr1ple kurosel (AntGroup FG)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:07:32.848Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://glassfish.org/docs/latest/security-guide.html#securing-glassfish-server"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/14"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5763",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-05T18:52:07.586018Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-05T19:04:31.768Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Glassfish",
              "vendor": "Eclipse Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "6.2.5",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "5.1",
                  "status": "affected",
                  "version": "5.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Running with older versions of the JDK (lower than 6u211, or \u0026lt; 7u201, or \u0026lt; 8u191)\u003cbr\u003e"
                }
              ],
              "value": "Running with older versions of the JDK (lower than 6u211, or \u003c 7u201, or \u003c 8u191)\n"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "tr1ple kurosel (AntGroup FG)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or \u0026lt; 7u201, or \u0026lt; 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.\u003cbr\u003e"
                }
              ],
              "value": "In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or \u003c 7u201, or \u003c 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63: Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-913",
                  "description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-03T06:40:43.441Z",
            "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
            "shortName": "eclipse"
          },
          "references": [
            {
              "url": "https://glassfish.org/docs/latest/security-guide.html#securing-glassfish-server"
            },
            {
              "url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/14"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Glassfish remote code execution",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "assignerShortName": "eclipse",
        "cveId": "CVE-2023-5763",
        "datePublished": "2023-11-03T06:40:43.441Z",
        "dateReserved": "2023-10-25T04:59:21.006Z",
        "dateUpdated": "2024-09-05T19:04:31.768Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }