CVE-2024-9342

CRITICAL

Eclipse Glassfish - Brute Force

Title source: rule

Description

In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts.

References (1)

[Issue Tracking] https://gitlab.eclipse.org/security/cve-assignement/-/issues/33

Scores

CVSS v3 9.8

EPSS 0.0007

EPSS Percentile 21.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-307

Status published

Affected Products (2)

eclipse/glassfish

org.glassfish.main.admingui/console-common Maven

Timeline

Published Jul 16, 2025

Tracked Since Feb 18, 2026