CVE-2024-9329 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.1 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
eclipse	CNA	---				---
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Vendor	Product	Version
eclipse_foundation	glassfish	7.0.16 ≤ 𝑥 ≤ 7.0.16
eclipse	glassfish	𝑥 < 7.0.17

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-233 - Improper Handling of Parameters
The software does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.
CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References

https://github.com/eclipse-ee4j/glassfish/pull/25106

https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/232

https://www.gruppotim.it/it/footer/red-team.html