CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3314
https://notcve.org/view.php?id=CVE-2021-3314
25 Jun 2021 — Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. NOTE: This vulnerability only affects products that are no longer supported by the maintainer... • https://n4nj0.github.io/advisories/oracle-glassfish-reflected-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-10385
https://notcve.org/view.php?id=CVE-2017-10385
19 Oct 2017 — Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Glass... • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-10391
https://notcve.org/view.php?id=CVE-2017-10391
19 Oct 2017 — Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Orac... • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-10393
https://notcve.org/view.php?id=CVE-2017-10393
19 Oct 2017 — Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Glass... • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html •
CVSS: 7.5EPSS: 62%CPEs: 1EXPL: 0CVE-2017-1000029
https://notcve.org/view.php?id=CVE-2017-1000029
13 Jul 2017 — Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication. Oracle, GlassFish Server Open Source Edition versión 3.0.1 (build 22), es susceptible a la vulnerabilidad de Inclusión de Archivos Locales, que hace posible incluir archivos arbitrarios en el servidor, esta vulnerabilidad puede ser explotada sin ninguna autentic... • https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0CVE-2017-1000030
https://notcve.org/view.php?id=CVE-2017-1000030
13 Jul 2017 — Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface. Oracle, GlassFish Server Open Source Edition versión 3.0.1 (build 22), es susceptible a la vulnerabilidad de divulgación de contraseña de Key Store de Java, lo que hace posible proporcionar al atacante no autenticado u... • https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037 • CWE-287: Improper Authentication •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2017-3239
https://notcve.org/view.php?id=CVE-2017-3239
27 Jan 2017 — Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle GlassFish Server executes to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data. CVSS v3.0 Base Score 3.3 (Co... • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2017-3247
https://notcve.org/view.php?id=CVE-2017-3247
27 Jan 2017 — Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFi... • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-3249
https://notcve.org/view.php?id=CVE-2017-3249
27 Jan 2017 — Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Ora... • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-3250
https://notcve.org/view.php?id=CVE-2017-3250
27 Jan 2017 — Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Ora... • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •