Remote Code Execution (RCE)

2023-11-0607:07:01

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

glassfish server

rce

orb listeners

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

Low

EPSS

0.001

Percentile

46.8%

JSON

org.glassfish.main.orb: orb-connector is vulnerable to Remote Code Execution (RCE). An attacker could exploit this vulnerability by sending a specially crafted RMI request to a vulnerable Glassfish server via access to insecure ORB listeners. The server would then execute the code contained in the request, which could allow the attacker to take control of the server. Note that this vulnerability is only exploitable when a JDK lower than 6u211, or < 7u201, or < 8u191 is in use.