Remote Monitoring and Control Vulnerability in Oracle GlassFish Open Source Edition
CVE-2018-14324
9.8 CRITICAL
Summary
An open TCP port (7676) in Oracle GlassFish Open Source Edition 5.0, protected by a weak default password for the admin account, enables remote attackers to gain unauthorized access. This vulnerability allows potential exploitation through JMX RMI sessions, which could lead to sensitive data exposure or manipulation of the demo feature, posing serious risks for deployed applications.
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved