CVE-2018-14324
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensitive information, perform database operations, or manipulate the demo via a JMX RMI session, aka a "jmx_rmi remote monitoring and control problem." NOTE: this is not an Oracle supported product.
La característica demo en Oracle GlassFish Open Source Edition 5.0 tiene el puerto TCP 7676 abierto por defecto con una contraseña "admin" para la cuenta de administrador. Esto permite que atacantes remotos obtengan información potencialmente sensible, realicen operaciones en la base de datos o manipulen la demo mediante una sesión JMX RMI. Esto también se conoce como "jmx_rmi remote monitoring and control problem". NOTA: este producto no cuenta con soporte por parte de Oracle.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-07-16 CVE Reserved
- 2018-07-16 CVE Published
- 2024-06-25 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id/1041292 | Third Party Advisory | |
| https://github.com/eclipse-ee4j/glassfish/issues/22500 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Search vendor "Oracle" | Glassfish Server Search vendor "Oracle" for product "Glassfish Server" | 5.0 Search vendor "Oracle" for product "Glassfish Server" and version "5.0" | open_source |
Affected
| ||||||