Eclipse

Glassfish

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.82%
  • Veröffentlicht 19.05.2026 14:12:06
  • Zuletzt bearbeitet 29.06.2026 09:16:28

An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privil...

Exploit
  • EPSS 0.63%
  • Veröffentlicht 19.05.2026 14:03:18
  • Zuletzt bearbeitet 29.06.2026 09:16:28

A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context where E...

  • EPSS 0.16%
  • Veröffentlicht 16.07.2025 11:15:23
  • Zuletzt bearbeitet 16.07.2025 19:56:10

In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system.

  • EPSS 0.21%
  • Veröffentlicht 16.07.2025 11:15:23
  • Zuletzt bearbeitet 16.07.2025 19:55:57

In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting attacks in the Administration Console.

  • EPSS 0.29%
  • Veröffentlicht 16.07.2025 11:15:03
  • Zuletzt bearbeitet 16.07.2025 19:54:17

In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints.

  • EPSS 0.2%
  • Veröffentlicht 16.07.2025 10:55:35
  • Zuletzt bearbeitet 16.07.2025 19:56:18

In Eclipse GlassFish version 7.0.15 is possible to perform Reflected Cross-site scripting attacks in the Administration Console.

  • EPSS 0.22%
  • Veröffentlicht 16.07.2025 10:47:55
  • Zuletzt bearbeitet 16.07.2025 19:55:32

In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site scripting attacks in the Administration Console.

  • EPSS 0.4%
  • Veröffentlicht 16.07.2025 10:14:28
  • Zuletzt bearbeitet 16.07.2025 19:55:45

In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts.

Exploit
  • EPSS 0.68%
  • Veröffentlicht 30.09.2024 08:15:05
  • Zuletzt bearbeitet 21.11.2024 09:54:17

In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker ma...

  • EPSS 0.36%
  • Veröffentlicht 11.09.2024 14:15:14
  • Zuletzt bearbeitet 18.09.2024 20:20:51

In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish. This vulnerability only affects ap...