We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Assigner | eclipse |
Reserved | 2023-10-25 |
Published | 2023-11-03 |
Updated | 2024-09-05 |
In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N |
CWE-913 Improper Control of Dynamically-Managed Code Resources
CWE-20 Improper Input Validation
tr1ple kurosel (AntGroup FG)
https://glassfish.org/docs/latest/security-guide.html#securing-glassfish-server
https://gitlab.eclipse.org/security/cve-assignement/-/issues/14