Unauthenticated Access Vulnerability in Oracle GlassFish Server by Oracle
CVE-2018-3210

5.3MEDIUM

Key Information:

Vendor
Oracle
Vendor
CVE Published:
17 October 2018

Summary

A vulnerability exists within the Oracle GlassFish Server component of Oracle Fusion Middleware, specifically in the Java Server Faces subcomponent. This security flaw enables an unauthenticated attacker to exploit network access via HTTP, potentially compromising the confidentiality of data stored on the server. The affected version, 3.1.2, poses a risk as it allows unauthorized access to certain data, which could lead to significant information exposure.

Affected Version(s)

GlassFish Server 3.1.2

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.