Eclipse Glassfish
By the Year
In 2025 there have been 6 vulnerabilities in Eclipse Glassfish with an average score of 7.1 out of ten. Last year, in 2024, Glassfish had 2 security vulnerabilities published. That is, 4 more vulnerabilities have already been reported in 2025 than last year. The average CVE base score of the vulnerabilities in 2025 is also greater, by 1.00.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 6 | 7.10 |
| 2024 | 2 | 6.10 |
| 2023 | 2 | 8.65 |
It may take a day or so for new Glassfish vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Eclipse Glassfish Security Vulnerabilities
GlassFish 6.2.5+ SSRF in specific endpoints
CVE-2024-9408
9.8 - Critical
- July 16, 2025
In Eclipse GlassFish since version 6.2.5, it is possible to perform a Server Side Request Forgery attack in specific endpoints.
SSRF
Eclipse GlassFish 7.0.15 S2S XSS in Admin Console
CVE-2024-9343
6.1 - Medium
- July 16, 2025
In Eclipse GlassFish version 7.0.15, it is possible to perform Stored Cross-site Scripting attacks in the Administration Console.
XSS
Eclipse GlassFish <=7.0.16 Brute Force Login
CVE-2024-9342
9.8 - Critical
- July 16, 2025
In Eclipse GlassFish version 7.0.16 or earlier, it is possible to perform Login Brute Force attacks, as there is no limitation on the number of failed login attempts.
Improper Restriction of Excessive Authentication Attempts
Eclipse GlassFish 7.0.15: Stored XSS in Admin Console
CVE-2024-10032
5.4 - Medium
- July 16, 2025
In Eclipse GlassFish version 7.0.15, it is possible to perform Stored Cross-site Scripting attacks in the Administration Console.
XSS
Eclipse GlassFish 7.0.15 Stored XSS via OS config file mod
CVE-2024-10031
5.4 - Medium
- July 16, 2025
In Eclipse GlassFish version 7.0.15, it is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system.
XSS
Eclipse GlassFish 7.0.15 Reflected XSS in Admin Console
CVE-2024-10029
6.1 - Medium
- July 16, 2025
In Eclipse GlassFish version 7.0.15, it is possible to perform Reflected Cross-site Scripting attacks in the Administration Console.
XSS
Eclipse Glassfish <7.0.17 HTTP Host Param Redirect Phish
CVE-2024-9329
6.1 - Medium
- September 30, 2024
In Eclipse Glassfish versions before 7.0.17, the Host HTTP parameter could cause the web application to redirect to the specified URL when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
Open Redirect
Eclipse Glassfish <7.0.10 URL redir to untrusted sites (root context)
CVE-2024-8646
6.1 - Medium
- September 11, 2024
In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish. This vulnerability only affects applications that are explicitly deployed to the root context ('/').
Open Redirect
Eclipse GlassFish ORB Listener Remote Code Execution via JDK Version <8u191
CVE-2023-5763
9.8 - Critical
- November 03, 2023
Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.
Improper Control of Dynamically-Managed Code Resources
In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal
CVE-2022-2712
7.5 - High
- January 27, 2023
In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a relative path traversal vulnerability because it does not filter request paths starting with './'. Successful exploitation could allow a remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.
Directory traversal