CVE-2024-9342

CVSS 6.3 MEDIUMEPSS 0.4%CWE-307

In Eclipse GlassFish versions before 8.0.3 it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts. GlassFish 8.0.3 adds automatic attack protection documented in https://glassfish.org/docs/latest/security-guide.html#brute-force-attack-protection .

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N

Affected products

Eclipse Foundation · Eclipse Glassfish

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://gitlab.eclipse.org/security/cve-assignement/-/issues/33