Lucene search
EclipseCVELIST:CVE-2023-5763HistoryNov 03, 2023 - 6:40 a.m.
CVE-2023-5763 Glassfish remote code execution
2023-11-0306:40:43
CWE-913
CWE-20
eclipse
www.cve.org
10
eclipse glassfish 5
eclipse glassfish 6
jdk
orb listeners
remote code execution
CVSS3
6.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
AI Score
9.7
Confidence
High
EPSS
0.001
Percentile
46.8%
In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Glassfish",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "6.2.5",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.1",
"status": "affected",
"version": "5.0",
"versionType": "semver"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2023-5763 Glassfish remote code execution
2023-11-03 06:40:43
github
github
Eclipse Glassfish remote code execution issue
2023-11-03 09:32:49
veracode
veracode
Remote Code Execution (RCE)
2023-11-06 07:07:01
nvd
nvd
CVE-2023-5763
2023-11-03 07:15:14
prion
prion
Code injection
2023-11-03 07:15:00
osv
osv
Eclipse Glassfish remote code execution issue
2023-11-03 09:32:49
cve
cve
CVE-2023-5763
2023-11-03 07:15:14
CVSS3
6.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
AI Score
9.7
Confidence
High
EPSS
0.001
Percentile
46.8%
Related for CVELIST:CVE-2023-5763