PT-2018-12439 · Oracle · Oracle Glassfish Open Source Edition

Glassfishrobot · Published 2018-07-16 · Updated 2019-05-20 · CVE-2018-14324

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Oracle GlassFish Open Source Edition version 5.0

Description: The issue allows remote attackers to obtain potentially sensitive information, perform database operations, or manipulate the demo via a JMX RMI session. The cause is that the demo feature has TCP port 7676 open by default, with the password "admin" set for the admin account.

Recommendations: For Oracle GlassFish Open Source Edition version 5.0, change the default password of the admin account to prevent unauthorized access. Consider restricting access to TCP port 7676 to minimize the risk of exploitation. As a temporary workaround, consider disabling the demo feature until a more secure configuration can be put in place.

Fix

Using Hardcoded Credentials


Weakness Enumeration

Related Identifiers: CVE-2018-14324

Affected Products: Oracle Glassfish Open Source Edition