CVE Catalog

CVE-2024-9342

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

32th percentile - higher than 32% of all known CVEs

Summary

In Eclipse GlassFish versions before 8.0.3, it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts.

Risk Assessment

The lack of limits on login attempts can lead to unauthorized access to the system, posing a serious security threat to the organization.

Recommendation

It is recommended to upgrade to version 8.0.3 or later to take advantage of the built-in protection against brute force attacks.

Original NVD description (English source)

In Eclipse GlassFish versions before 8.0.3 it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts. GlassFish 8.0.3 adds automatic attack protection documented in https://glassfish.org/docs/latest/security-guide.html#brute-force-attack-protection .

Vulnerability data from NVD (NIST) · CISA KEV · EPSS