CVE-2024-9342

CRITICAL

Eclipse Glassfish - Brute Force

Title source: rule

Description

In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts.

References (1)

[Issue Tracking] https://gitlab.eclipse.org/security/cve-assignement/-/issues/33

Scores

CVSS v3 9.8

EPSS 0.0010

EPSS Percentile 27.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-307

Status published

Products (2)

eclipse/glassfish 7.0.16

org.glassfish.main.admingui/console-common 0Maven

Published Jul 16, 2025

Tracked Since Feb 18, 2026