Eclipse · Eclipse OpenMQ · CVE-2026-22886
**Name of the Vulnerable Software and Affected Versions**
Eclipse OpenMQ (affected versions not specified)
**Description**
Eclipse OpenMQ includes a TCP-based management service (`imqbrokerd`) that requires authentication by default. The product is shipped with a default administrative account (`admin`/`admin`) and does not enforce a mandatory password change upon first use. The server continues to accept the default password indefinitely after the initial successful login, without any warning or enforcement. An attacker with access to the service port could authenticate as an administrator and gain full control of the protocol’s administrative features.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.