CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
46.8%
org.glassfish.main.orb: orb-connector is vulnerable to Remote Code Execution (RCE). An attacker could exploit this vulnerability by sending a specially crafted RMI request to a vulnerable Glassfish server via access to insecure ORB listeners. The server would then execute the code contained in the request, which could allow the attacker to take control of the server. Note that this vulnerability is only exploitable when a JDK lower than 6u211, or < 7u201, or < 8u191 is in use.