CVE-2018-14324

9.8CRITICAL

Key Information:

Vendor: Oracle
Status: Glassfish Server
Vendor: CVE Published:; 16 July 2018

Summary

The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensitive information, perform database operations, or manipulate the demo via a JMX RMI session, aka a "jmx_rmi remote monitoring and control problem." NOTE: this is not an Oracle supported product.

References

http://www.securitytracker.com/id/1041292

vdb-entryx_refsource_SECTRACK

https://github.com/eclipse-ee4j/glassfish/issues/22500

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 16, 2018
Vulnerability Reserved
Jul 16, 2018