← back
CVE-2024-9342

CVE-2024-9342

CVSS 6.3 MEDIUMEPSS 0.4%CWE-307
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.3EPSS 0.4%KEV nãoPoC Patch
Lifecycle
16 Jul 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In Eclipse GlassFish versions before 8.0.3 it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts. GlassFish 8.0.3 adds automatic attack protection documented in https://glassfish.org/docs/latest/security-guide.html#brute-force-attack-protection .
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N
Affected products
Eclipse Foundation · Eclipse Glassfish

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://gitlab.eclipse.org/security/cve-assignement/-/issues/33