Vulnerability in Oracle GlassFish Server Component of Oracle Fusion Middleware
CVE-2016-5528

9 CRITICAL

Key Information:

Vendor: Oracle
CVE Published: 27 January 2017

Summary

A security vulnerability exists in the Oracle GlassFish Server component of Oracle Fusion Middleware, affecting versions 2.1.1, 3.0.1, and 3.1.2. It allows an unauthenticated attacker with network access to exploit the server via multiple protocols. While the vulnerability is in Oracle GlassFish Server itself, successful exploitation could potentially impact additional Oracle products. An attacker who succeeds can gain control over the GlassFish Server, which is a significant security risk for organizations relying on affected versions.

Affected Version(s)

GlassFish Server 2.1.1

GlassFish Server 3.0.1

GlassFish Server 3.1.2

CVSS V3.1

Score: 9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
