CVE-2026-2586
- EPSS 0.82%
- Veröffentlicht 19.05.2026 14:12:06
- Zuletzt bearbeitet 29.06.2026 09:16:28
An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privil...
CVE-2026-2587
- EPSS 0.63%
- Veröffentlicht 19.05.2026 14:03:18
- Zuletzt bearbeitet 29.06.2026 09:16:28
A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context where E...
CVE-2024-10031
- EPSS 0.16%
- Veröffentlicht 16.07.2025 11:15:23
- Zuletzt bearbeitet 16.07.2025 19:56:10
In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system.
CVE-2024-10032
- EPSS 0.21%
- Veröffentlicht 16.07.2025 11:15:23
- Zuletzt bearbeitet 16.07.2025 19:55:57
In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting attacks in the Administration Console.
CVE-2024-9408
- EPSS 0.29%
- Veröffentlicht 16.07.2025 11:15:03
- Zuletzt bearbeitet 16.07.2025 19:54:17
In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints.
CVE-2024-10029
- EPSS 0.2%
- Veröffentlicht 16.07.2025 10:55:35
- Zuletzt bearbeitet 16.07.2025 19:56:18
In Eclipse GlassFish version 7.0.15 is possible to perform Reflected Cross-site scripting attacks in the Administration Console.
CVE-2024-9343
- EPSS 0.22%
- Veröffentlicht 16.07.2025 10:47:55
- Zuletzt bearbeitet 16.07.2025 19:55:32
In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting attacks in the Administration Console.
CVE-2024-9342
- EPSS 0.4%
- Veröffentlicht 16.07.2025 10:14:28
- Zuletzt bearbeitet 16.07.2025 19:55:45
In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts.
CVE-2024-9329
- EPSS 0.68%
- Veröffentlicht 30.09.2024 08:15:05
- Zuletzt bearbeitet 21.11.2024 09:54:17
In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker ma...
CVE-2024-8646
- EPSS 0.36%
- Veröffentlicht 11.09.2024 14:15:14
- Zuletzt bearbeitet 18.09.2024 20:20:51
In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish. This vulnerability only affects ap...