Oracle

Glassfish Server

40 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2021-3314

Exploit
  • EPSS 0.18%
  • Veröffentlicht 25.06.2021 16:15:17
  • Zuletzt bearbeitet 21.11.2024 06:21:16

Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the w...

5.3

CVE-2018-3210

  • EPSS 0.57%
  • Veröffentlicht 17.10.2018 01:31:23
  • Zuletzt bearbeitet 21.11.2024 04:05:26

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

7.5

CVE-2018-3152

  • EPSS 1.52%
  • Veröffentlicht 17.10.2018 01:31:17
  • Zuletzt bearbeitet 21.11.2024 04:05:17

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access v...

8.3

CVE-2018-2911

  • EPSS 1.23%
  • Veröffentlicht 17.10.2018 01:31:14
  • Zuletzt bearbeitet 21.11.2024 04:04:44

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

10

CVE-2018-14324

  • EPSS 2.46%
  • Veröffentlicht 16.07.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:48:49

The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensitive information, perform database operations, or m...

5.8

CVE-2017-10400

  • EPSS 0.4%
  • Veröffentlicht 19.10.2017 17:29:05
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration Graphical User Interface). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attac...

6.8

CVE-2017-10393

  • EPSS 0.41%
  • Veröffentlicht 19.10.2017 17:29:05
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network ...

7.5

CVE-2017-10391

  • EPSS 0.68%
  • Veröffentlicht 19.10.2017 17:29:05
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network...

6.8

CVE-2017-10385

  • EPSS 0.39%
  • Veröffentlicht 19.10.2017 17:29:05
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network ...

9.8

CVE-2017-1000030

  • EPSS 4.2%
  • Veröffentlicht 17.07.2017 13:18:16
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access...