Remote Monitoring and Control Vulnerability in Oracle GlassFish Open Source Edition
CVE-2018-14324

9.8 CRITICAL

Key Information:

Vendor: Oracle
CVE Published: 16 July 2018

Summary

Oracle GlassFish Open Source Edition 5.0 exposes an open TCP port (7676) that is protected only by a weak default password for the admin account, which lets remote attackers gain unauthorized access. The flaw can be exploited through JMX RMI sessions and could lead to sensitive data exposure or manipulation of the demo feature, posing serious risks for deployed applications.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
