CVE-2024-9342

CRITICAL

Eclipse GlassFish <= 7.0.16 - Unauthenticated Login Brute Force

Title source: llm

Description

In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts.

References (1)

Core 1

Core References

Issue Tracking

https://gitlab.eclipse.org/security/cve-assignement/-/issues/33

Scores

CVSS v3 9.8

EPSS 0.0038

EPSS Percentile 29.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-307

Status published

Products (2)

eclipse/glassfish 7.0.16

org.glassfish.main.admingui/console-common 0Maven

Published Jul 16, 2025

Tracked Since Feb 18, 2026