CVE-2024-9342 MEDIUM

CVE-2024-9342

Vendor Eclipse Foundation
Product Eclipse Glassfish
Weakness CWE-307 · Brute force
Published July 16, 2025
Last update July 16, 2025

CVSS base score

6.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N

What the vulnerability does

01Description

In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts.

Key dates

02Disclosure timeline

July 16, 2025 CVE published
July 16, 2025 Record updated