CVE-2023-5763

MEDIUM

Eclipse Glassfish 5.0.0-6.2.4 - Remote Code Execution via Insecure ORB Listeners

Title source: llm

Description

In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.

References (2)

Core 2

Core References

Issue Tracking, Vendor Advisory

https://gitlab.eclipse.org/security/cve-assignement/-/issues/14

Product

https://glassfish.org/docs/latest/security-guide.html#securing-glassfish-server

Scores

CVSS v3 6.8

EPSS 0.0065

EPSS Percentile 46.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-20 CWE-913

Status published

Products (2)

eclipse/glassfish 5.0.0 - 6.2.5

org.glassfish.main.orb/orb-connector 5.0.0 - 7.0.0Maven

Published Nov 03, 2023

Tracked Since Feb 18, 2026