CVE-2023-5763

Summary

In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.

Affected Software

VendorProductVersion RangeStatus
Eclipse FoundationGlassfish6.0.0 <= 6.2.5affected
Eclipse FoundationGlassfish5.0 <= 5.1affected

Weaknesses

  • CWE-913: CWE-913 Improper Control of Dynamically-Managed Code Resources
  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References