Eclipse Foundation Eclipse Glassfish vulnerabilities
9 known vulnerabilities affecting eclipse_foundation/eclipse_glassfish.
Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, MEDIUM 5
Vulnerabilities
CVE-2026-2587 | P2 | CRITICAL | CVSS 9.6 | CWE-917 | ≥ 7.0.0, < 7.0.26; ≥ 7.1.0, < 7.1.1; +1 more | 2026-05-19
A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context where Expression Language (EL) “expressions” are processed without proper sanitization or escaping. By injec
nvd
CVE-2026-2586 | P2 | CRITICAL | CVSS 9.1 | CWE-94 | ≥ 7.0.0, < 7.0.26; ≥ 7.1.0, < 7.1.1; +1 more | 2026-05-19
An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user. This issue affects Eclipse GlassFish: from 8.0.0 to 8.0.1, fixed
nvd
CVE-2024-9408 | P3 | CRITICAL | CVSS 9.8 | CWE-918 | v6.2.5 | 2025-07-16
In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints.
nvd
CVE-2024-9342 | P3 | CRITICAL | CVSS 9.8 | CWE-307 | v5.1.0; ≥ 6.0.0, ≤ 6.2.5; +3 more | 2025-07-16
In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks, as there is no limit on the number of failed login attempts.
nvd
CVE-2023-41080 | P3 | MEDIUM | CVSS 6.1 | CWE-601 | ≥ 5.1.0, < 7.0.10 | 2023-08-25
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the FORM authentication feature of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.
Older, EOL versions may also be affected.
The vulnerability is limited to the
nvd
CVE-2024-9343 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v7.0.15 | 2025-07-16
In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site scripting attacks in the Administration Console.
nvd
CVE-2024-10032 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v7.0.15 | 2025-07-16
In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site scripting attacks in the Administration Console.
nvd
CVE-2024-10029 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v7.0.15 | 2025-07-16
In Eclipse GlassFish version 7.0.15 it is possible to perform Reflected Cross-site scripting attacks in the Administration Console.
nvd
CVE-2024-10031 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v7.0.15 | 2025-07-16
In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system.
nvd