Eclipse Foundation Eclipse Glassfish vulnerabilities

8 known vulnerabilities affecting eclipse_foundation/eclipse_glassfish.

Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 7

Vulnerabilities

CVE-2024-9408 | HIGH | CVSS 8.9 | v6.2.5 | 2025-07-16
CVE-2024-9408 [HIGH] CWE-918: In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints.
cvelistv5, nvd
CVE-2024-10032 | MEDIUM | CVSS 6.1 | v7.0.15 | 2025-07-16
CVE-2024-10032 [MEDIUM] CWE-79: In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site scripting attacks in the Administration Console.
cvelistv5, nvd
CVE-2024-10029 | MEDIUM | CVSS 4.5 | v7.0.15 | 2025-07-16
CVE-2024-10029 [MEDIUM] CWE-79: In Eclipse GlassFish version 7.0.15 it is possible to perform Reflected Cross-site scripting attacks in the Administration Console.
cvelistv5, nvd
CVE-2024-9342 | MEDIUM | CVSS 6.3 | v7.0.16 | 2025-07-16
CVE-2024-9342 [MEDIUM] CWE-307: In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts.
cvelistv5, nvd
CVE-2024-9343 | MEDIUM | CVSS 6.1 | v7.0.15 | 2025-07-16
CVE-2024-9343 [MEDIUM] CWE-79: In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site scripting attacks in the Administration Console.
cvelistv5, nvd
CVE-2024-10031 | MEDIUM | CVSS 5.8 | v7.0.15 | 2025-07-16
CVE-2024-10031 [MEDIUM] CWE-79: In Eclipse GlassFish version 7.0.15 it is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system.
cvelistv5, nvd
CVE-2024-8646 | MEDIUM | CVSS 6.1 | ≥ 5.1.0, < 7.0.10 | 2024-09-11
CVE-2024-8646 [MEDIUM] CWE-601: Eclipse Glassfish: URL redirection vulnerability to untrusted sites. In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish. This vulnerability only affects applications that are explicitly deployed to the root context ('/').
cvelistv5
CVE-2023-41080 | MEDIUM | CVSS 6.1 | ≥ 5.1.0, < 7.0.10 | 2023-08-25
CVE-2023-41080 [MEDIUM] CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. Older, EOL versions may also be affected. The vulnerability is limited to the
nvd