Eclipse GlassFish <=7.0.16 Brute Force Login
CVE-2024-9342 Published on July 16, 2025
In Eclipse GlassFish version 7.0.16 or earlier it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts.
Weakness Type
Improper Restriction of Excessive Authentication Attempts
The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks.
Products Associated with CVE-2024-9342
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-9342 are published in Eclipse Glassfish:
Affected Versions
Eclipse Foundation Eclipse Glassfish Version 7.0.16 is affected by CVE-2024-9342Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.