EPSS Percentile: 99.6%
GlassFish is vulnerable to remote code execution (RCE). A malicious user can log in to the admin account by passing null as the password. Once logged in, the user can deploy and execute an arbitrary WAR file.
securityreason.com/securityalert/8327
www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
blogs.oracle.com/theaquarium/entry/spotlight_on_glassfish_4_18
github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/glassfish_deployer.rb