Unauthenticated Access Vulnerability in Oracle GlassFish Server by Oracle
CVE-2018-3210

5.3MEDIUM

Key Information:

Vendor: Oracle
Status: Glassfish Server
Vendor: CVE Published:; 17 October 2018

Summary

A vulnerability exists within the Oracle GlassFish Server component of Oracle Fusion Middleware, specifically in the Java Server Faces subcomponent. This security flaw enables an unauthenticated attacker to exploit network access via HTTP, potentially compromising the confidentiality of data stored on the server. The affected version, 3.1.2, poses a risk as it allows unauthorized access to certain data, which could lead to significant information exposure.

Affected Version(s)

GlassFish Server 3.1.2

References

http://www.oracle.com/technetwork/security-advisory/cpuoc...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/105618

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2018
Vulnerability Reserved
Dec 15, 2017