CVE-2024-9342 – org.glassfish.main.admingui:console-common
Package
Manager: maven
Name: org.glassfish.main.admingui:console-common
Vulnerable Version: >=0 <=7.0.25
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N
EPSS: 0.00045 (percentile: 0.13143)
Details
Eclipse GlassFish is vulnerable to login brute-force attacks through unlimited failed login attempts.
In Eclipse GlassFish version 7.0.16 or earlier, it is possible to perform login brute-force attacks because there is no limit on the number of failed login attempts.
Metadata
Created: 2025-07-16T12:30:22Z
Modified: 2025-07-18T17:23:26Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-99f7-hp6j-v6q4/GHSA-99f7-hp6j-v6q4.json
CWE IDs: ["CWE-307"]
Alternative ID: GHSA-99f7-hp6j-v6q4
Finding: F053
Auto approve: 1