Remote Monitoring and Control Vulnerability in Oracle GlassFish Open Source Edition
CVE-2018-14324

9.8CRITICAL

Key Information:

Vendor: Oracle
Status: Glassfish Server
Vendor: CVE Published:; 16 July 2018

Summary

An open TCP port (7676) in Oracle GlassFish Open Source Edition 5.0, protected by a weak default password for the admin account, enables remote attackers to gain unauthorized access. This vulnerability allows potential exploitation through JMX RMI sessions, which could lead to sensitive data exposure or manipulation of the demo feature, posing serious risks for deployed applications.

References

http://www.securitytracker.com/id/1041292

vdb-entryx_refsource_SECTRACK

https://github.com/eclipse-ee4j/glassfish/issues/22500

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 16, 2018
Vulnerability Reserved
Jul 16, 2018