CVE-2023-5763Improper Input Validation in Foundation Glassfish

CWE-20Improper Input ValidationCWE-913Improper Control of Dynamically-Managed Code Resources4 documents4 sources
Severity
9.8CRITICALNVD
CNA6.8
EPSS
0.2%
top 63.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Eclipse Foundation GlassfishEclipse Glassfish
Timeline
PublishedNov 3

Description

In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDeclipse/glassfish5.0.06.2.5
CVEListV5eclipse_foundation/glassfish6.0.06.2.5+1

🔴Vulnerability Details

3
GHSA
Eclipse Glassfish remote code execution issue2023-11-03
CVEList
Glassfish remote code execution2023-11-03
OSV
Eclipse Glassfish remote code execution issue2023-11-03
CVE-2023-5763 — Improper Input Validation | cvebase