CVE-2024-9342 — Improper Restriction of Excessive Authentication Attempts in Foundation Eclipse Glassfish

CWE-307 — Improper Restriction of Excessive Authentication Attempts4 documents4 sources

Severity

6.3MEDIUMNVD

EPSS

0.1%

top 72.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Eclipse Foundation Eclipse Glassfish Eclipse Glassfish

Timeline

PublishedJul 16

Description

In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts.

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N

Affected Packages2 packages

▶NVDeclipse/glassfish7.0.16

▶CVEListV5eclipse_foundation/eclipse_glassfish7.0.16

🔴Vulnerability Details

GHSA

Eclipse GlassFish is vulnerable to Login Brute Force attacks through unlimited failed login attempts↗2025-07-16

▶

OSV

Eclipse GlassFish is vulnerable to Login Brute Force attacks through unlimited failed login attempts↗2025-07-16

▶

CVEList

CVE-2024-9342: In Eclipse GlassFish version 7↗2025-07-16

▶