PT-2017-10740 · Oracle · Glassfish Server Open Source Edition

Publicado

2017-07-13

Atualizado

2017-07-21

CVE-2017-1000030

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GlassFish Server Open Source Edition version 3.0.1

Description The issue allows an unauthenticated attacker to obtain the plain text password of an administrative user, granting access to the web-based administration interface.

Recommendations For GlassFish Server Open Source Edition version 3.0.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2017-1000030

Produtos afetados

Glassfish Server Open Source Edition

PT-2017-10740 · Oracle · Glassfish Server Open Source Edition

CVE-2017-1000030

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3