Oracle

Glassfish Server

40 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2021-3314

Exploit
  • EPSS 0.18%
  • Published 25.06.2021 16:15:17
  • Last modified 21.11.2024 06:21:16

Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the w...

5.3

CVE-2018-3210

  • EPSS 0.57%
  • Published 17.10.2018 01:31:23
  • Last modified 21.11.2024 04:05:26

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

7.5

CVE-2018-3152

  • EPSS 1.52%
  • Published 17.10.2018 01:31:17
  • Last modified 21.11.2024 04:05:17

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access v...

8.3

CVE-2018-2911

  • EPSS 1.23%
  • Published 17.10.2018 01:31:14
  • Last modified 21.11.2024 04:04:44

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

10

CVE-2018-14324

  • EPSS 2.46%
  • Published 16.07.2018 18:29:00
  • Last modified 21.11.2024 03:48:49

The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensitive information, perform database operations, or m...

5.8

CVE-2017-10400

  • EPSS 0.4%
  • Published 19.10.2017 17:29:05
  • Last modified 20.04.2025 01:37:25

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration Graphical User Interface). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attac...

6.8

CVE-2017-10393

  • EPSS 0.41%
  • Published 19.10.2017 17:29:05
  • Last modified 20.04.2025 01:37:25

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network ...

7.5

CVE-2017-10391

  • EPSS 0.68%
  • Published 19.10.2017 17:29:05
  • Last modified 20.04.2025 01:37:25

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network...

6.8

CVE-2017-10385

  • EPSS 0.39%
  • Published 19.10.2017 17:29:05
  • Last modified 20.04.2025 01:37:25

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network ...

9.8

CVE-2017-1000030

  • EPSS 4.2%
  • Published 17.07.2017 13:18:16
  • Last modified 20.04.2025 01:37:25

Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access...