Vulnerabilities (CVE)

Filtered by vendor Eclipse Subscribe
Filtered by product Glassfish
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-5763 1 Eclipse 1 Glassfish 2023-12-10 N/A 9.8 CRITICAL
In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.
CVE-2022-2712 1 Eclipse 1 Glassfish 2023-12-10 N/A 7.5 HIGH
In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.