CVE-2023-5763
6.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Eclipse Foundation | Glassfish | 6.0.0 <= 6.2.5 | affected |
| Eclipse Foundation | Glassfish | 5.0 <= 5.1 | affected |
Weaknesses
- CWE-913: CWE-913 Improper Control of Dynamically-Managed Code Resources
- CWE-20: CWE-20 Improper Input Validation
ADP Enrichment
CVE Program Container
Additional References
- https://glassfish.org/docs/latest/security-guide.html#securing-glassfish-server
- https://gitlab.eclipse.org/security/cve-assignement/-/issues/14
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://glassfish.org/docs/latest/security-guide.html#securing-glassfish-server
- https://gitlab.eclipse.org/security/cve-assignement/-/issues/14
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.