CVE-2024-9342
Published 2025-07-16
Priority P3 · 46 · critical · 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS 0.40% · 32.2th percentile
In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eclipse | glassfish | — | — |
| eclipse_foundation | eclipse_glassfish | — | — |
| eclipse_foundation | eclipse_glassfish | — | — |
| eclipse_foundation | eclipse_glassfish | 6.0.0 – 6.2.5 | — |
| eclipse_foundation | eclipse_glassfish | 7.0.0 – 7.0.25 | — |
| eclipse_foundation | eclipse_glassfish | >= 8.0.0 < 8.0.3 | 8.0.3 |
CVSS provenance
nvd · v3.1 · 9.8 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v4.0 · 6.3 · MEDIUM · CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
VulDB
Eclipse Glassfish 7.0.16 Failed Login excessive authentication (Issue 33 / EUVD-2024-54788)
vuldb·2026-06-21·CVSS 9.8
CVE-2024-9342 [CRITICAL] Eclipse Glassfish 7.0.16 Failed Login excessive authentication (Issue 33 / EUVD-2024-54788)
A vulnerability has been found in Eclipse Glassfish 7.0.16 and classified as problematic. This affects an unknown function of the component Failed Login Handler. Performing a manipulation results in improper restriction of excessive authentication attempts.
This vulnerability is cataloged as CVE-2024-9342. The attack must originate from the local network. There is no exploit available.
GHSA
Eclipse GlassFish is vulnerable to Login Brute Force attacks through unlimited failed login attempts
ghsa·2025-07-16
CVE-2024-9342 [MEDIUM] CWE-307 Eclipse GlassFish is vulnerable to Login Brute Force attacks through unlimited failed login attempts
In Eclipse GlassFish version 7.0.16 or earlier, it is possible to perform login brute force attacks as there is no limitation on the number of failed login attempts.
OSV
Eclipse GlassFish is vulnerable to Login Brute Force attacks through unlimited failed login attempts
osv·2025-07-16
CVE-2024-9342 [MEDIUM] Eclipse GlassFish is vulnerable to Login Brute Force attacks through unlimited failed login attempts
In Eclipse GlassFish version 7.0.16 or earlier, it is possible to perform login brute force attacks as there is no limitation on the number of failed login attempts.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-07-16
Published