Redteamtim

**Name of the Vulnerable Software and Affected Versions** Eclipse GlassFish versions 7.0.16 and earlier **Description** Eclipse GlassFish is susceptible to login brute-force attacks due to the absence of restrictions on the number of failed login attempts. **Recommendations** Apply a configuration to limit the number of failed login attempts.

**Name of the Vulnerable Software and Affected Versions** Eclipse GlassFish version 7.0.15 **Description** Eclipse GlassFish version 7.0.15 is susceptible to Stored Cross-site scripting attacks within the Administration Console. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Eclipse GlassFish version 7.0.15 **Description** Eclipse GlassFish version 7.0.15 is susceptible to Reflected Cross-site scripting attacks within the Administration Console. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.