Search criteria
4 vulnerabilities found for Glassfish by Eclipse Foundation
CVE-2024-9329 (GCVE-0-2024-9329)
Vulnerability from cvelistv5 – Published: 2024-09-30 07:11 – Updated: 2024-10-07 15:59
VLAI?
Title
Glassfish redirect to untrusted site
Summary
In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
Severity ?
CWE
- CWE-233 - Improper Handling of Parameters
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | Glassfish |
Affected:
5.1.0 , ≤ 7.0.16
(semver)
|
Credits
Marco Ventura (redteam https://www.gruppotim.it/it/footer/red-team.html)
Claudia Bartolini (redteam https://www.gruppotim.it/it/footer/red-team.html)
Andrea Carlo Maria Dattola (redteam https://www.gruppotim.it/it/footer/red-team.html)
Debora Esposito (redteam https://www.gruppotim.it/it/footer/red-team.html)
Massimiliano Brolli (redteam https://www.gruppotim.it/it/footer/red-team.html)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:eclipse_foundation:glassfish:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "glassfish",
"vendor": "eclipse_foundation",
"versions": [
{
"lessThanOrEqual": "7.0.16",
"status": "affected",
"version": "5.1.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T17:02:00.550829Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T17:03:26.168Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-10-07T15:59:12.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.gruppotim.it/it/footer/red-team.html"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Glassfish",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "7.0.16",
"status": "affected",
"version": "5.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Ventura (redteam https://www.gruppotim.it/it/footer/red-team.html)"
},
{
"lang": "en",
"type": "finder",
"value": "Claudia Bartolini (redteam https://www.gruppotim.it/it/footer/red-team.html)"
},
{
"lang": "en",
"type": "finder",
"value": "Andrea Carlo Maria Dattola (redteam https://www.gruppotim.it/it/footer/red-team.html)"
},
{
"lang": "en",
"type": "finder",
"value": "Debora Esposito (redteam https://www.gruppotim.it/it/footer/red-team.html)"
},
{
"lang": "en",
"type": "finder",
"value": "Massimiliano Brolli (redteam https://www.gruppotim.it/it/footer/red-team.html)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is \u0027/management/domain\u0027. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.\u003cbr\u003e"
}
],
"value": "In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is \u0027/management/domain\u0027. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-233",
"description": "CWE-233 Improper Handling of Parameters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T07:11:53.688Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/eclipse-ee4j/glassfish/pull/25106"
},
{
"tags": [
"issue-tracking"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/232"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Glassfish redirect to untrusted site",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-9329",
"datePublished": "2024-09-30T07:11:53.688Z",
"dateReserved": "2024-09-29T16:38:56.846Z",
"dateUpdated": "2024-10-07T15:59:12.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5763 (GCVE-0-2023-5763)
Vulnerability from cvelistv5 – Published: 2023-11-03 06:40 – Updated: 2024-09-05 19:04
VLAI?
Title
Glassfish remote code execution
Summary
In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.
Severity ?
6.8 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | Glassfish |
Affected:
6.0.0 , ≤ 6.2.5
(semver)
Affected: 5.0 , ≤ 5.1 (semver) |
Credits
tr1ple kurosel (AntGroup FG)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://glassfish.org/docs/latest/security-guide.html#securing-glassfish-server"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5763",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T18:52:07.586018Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T19:04:31.768Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Glassfish",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "6.2.5",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.1",
"status": "affected",
"version": "5.0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Running with older versions of the JDK (lower than 6u211, or \u0026lt; 7u201, or \u0026lt; 8u191)\u003cbr\u003e"
}
],
"value": "Running with older versions of the JDK (lower than 6u211, or \u003c 7u201, or \u003c 8u191)\n"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "tr1ple kurosel (AntGroup FG)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or \u0026lt; 7u201, or \u0026lt; 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.\u003cbr\u003e"
}
],
"value": "In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or \u003c 7u201, or \u003c 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63: Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-913",
"description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-03T06:40:43.441Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://glassfish.org/docs/latest/security-guide.html#securing-glassfish-server"
},
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/14"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Glassfish remote code execution",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2023-5763",
"datePublished": "2023-11-03T06:40:43.441Z",
"dateReserved": "2023-10-25T04:59:21.006Z",
"dateUpdated": "2024-09-05T19:04:31.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9329 (GCVE-0-2024-9329)
Vulnerability from nvd – Published: 2024-09-30 07:11 – Updated: 2024-10-07 15:59
VLAI?
Title
Glassfish redirect to untrusted site
Summary
In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
Severity ?
CWE
- CWE-233 - Improper Handling of Parameters
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | Glassfish |
Affected:
5.1.0 , ≤ 7.0.16
(semver)
|
Credits
Marco Ventura (redteam https://www.gruppotim.it/it/footer/red-team.html)
Claudia Bartolini (redteam https://www.gruppotim.it/it/footer/red-team.html)
Andrea Carlo Maria Dattola (redteam https://www.gruppotim.it/it/footer/red-team.html)
Debora Esposito (redteam https://www.gruppotim.it/it/footer/red-team.html)
Massimiliano Brolli (redteam https://www.gruppotim.it/it/footer/red-team.html)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:eclipse_foundation:glassfish:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "glassfish",
"vendor": "eclipse_foundation",
"versions": [
{
"lessThanOrEqual": "7.0.16",
"status": "affected",
"version": "5.1.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T17:02:00.550829Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T17:03:26.168Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-10-07T15:59:12.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.gruppotim.it/it/footer/red-team.html"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Glassfish",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "7.0.16",
"status": "affected",
"version": "5.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Ventura (redteam https://www.gruppotim.it/it/footer/red-team.html)"
},
{
"lang": "en",
"type": "finder",
"value": "Claudia Bartolini (redteam https://www.gruppotim.it/it/footer/red-team.html)"
},
{
"lang": "en",
"type": "finder",
"value": "Andrea Carlo Maria Dattola (redteam https://www.gruppotim.it/it/footer/red-team.html)"
},
{
"lang": "en",
"type": "finder",
"value": "Debora Esposito (redteam https://www.gruppotim.it/it/footer/red-team.html)"
},
{
"lang": "en",
"type": "finder",
"value": "Massimiliano Brolli (redteam https://www.gruppotim.it/it/footer/red-team.html)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is \u0027/management/domain\u0027. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.\u003cbr\u003e"
}
],
"value": "In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is \u0027/management/domain\u0027. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-233",
"description": "CWE-233 Improper Handling of Parameters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T07:11:53.688Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/eclipse-ee4j/glassfish/pull/25106"
},
{
"tags": [
"issue-tracking"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/232"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Glassfish redirect to untrusted site",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2024-9329",
"datePublished": "2024-09-30T07:11:53.688Z",
"dateReserved": "2024-09-29T16:38:56.846Z",
"dateUpdated": "2024-10-07T15:59:12.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5763 (GCVE-0-2023-5763)
Vulnerability from nvd – Published: 2023-11-03 06:40 – Updated: 2024-09-05 19:04
VLAI?
Title
Glassfish remote code execution
Summary
In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.
Severity ?
6.8 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Eclipse Foundation | Glassfish |
Affected:
6.0.0 , ≤ 6.2.5
(semver)
Affected: 5.0 , ≤ 5.1 (semver) |
Credits
tr1ple kurosel (AntGroup FG)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://glassfish.org/docs/latest/security-guide.html#securing-glassfish-server"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5763",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T18:52:07.586018Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T19:04:31.768Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Glassfish",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "6.2.5",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.1",
"status": "affected",
"version": "5.0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Running with older versions of the JDK (lower than 6u211, or \u0026lt; 7u201, or \u0026lt; 8u191)\u003cbr\u003e"
}
],
"value": "Running with older versions of the JDK (lower than 6u211, or \u003c 7u201, or \u003c 8u191)\n"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "tr1ple kurosel (AntGroup FG)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or \u0026lt; 7u201, or \u0026lt; 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.\u003cbr\u003e"
}
],
"value": "In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or \u003c 7u201, or \u003c 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63: Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-913",
"description": "CWE-913 Improper Control of Dynamically-Managed Code Resources",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-03T06:40:43.441Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://glassfish.org/docs/latest/security-guide.html#securing-glassfish-server"
},
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/14"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Glassfish remote code execution",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2023-5763",
"datePublished": "2023-11-03T06:40:43.441Z",
"dateReserved": "2023-10-25T04:59:21.006Z",
"dateUpdated": "2024-09-05T19:04:31.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}