ГлавнаяУязвимости → CVE-2024-9342
9.8критическая

CVE-2024-9342

Описание

In Eclipse GlassFish versions before 8.0.3 it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts. GlassFish 8.0.3 adds automatic attack protection documented in https://glassfish.org/docs/latest/security-guide.html#brute-force-attack-protection .

Затрагиваемое ПО
Eclipse Glassfish
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://gitlab.eclipse.org/security/cve-assignement/-/issues/33