PT-2021-20055 · Oracle · Oracle GlassFish Server

Francesco Giordano · Published 2021-06-25 · Updated 2024-08-03

CVE-2021-3314
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Oracle GlassFish Server versions 3.1.2.18 and below

Description: The issue allows a malicious user to cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to that user and executed by the web browser (reflected cross-site scripting). The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. This issue only affects products that are no longer supported by the maintainer.

Recommendations: For Oracle GlassFish Server versions 3.1.2.18 and below, consider disabling access to the /common/logViewer/logViewer.jsf page as a temporary workaround until a solution is determined, noting that these versions are no longer supported. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
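Because the only workaround offered is to block the page, a defender will want to verify that the block holds and to notice when someone still sends reflected markup at it. The following is an added example, not part of this advisory and not Oracle or GlassFish code: it parses web-server access log lines, keeps only requests for /common/logViewer/logViewer.jsf, marks those the server refused (4xx) as blocked, and flags those whose decoded query string carries HTML or script fragments. It assumes Apache/nginx "combined" log format; the sample log lines are constructed, and the query parameter name `viewerParam` is a placeholder, not the real parameter of the page.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Page named in the advisory's workaround; requests to it should not be
# served by an unsupported GlassFish 3.1.2.18-or-older instance at all.
LOGVIEWER_PATH = "/common/logViewer/logViewer.jsf"

# Heuristic for markup or script fragments inside a decoded query value.
# A plain filter value has no angle brackets, quotes, "javascript:" scheme
# or inline event-handler attribute.
MARKUP_RE = re.compile(r"[<>\"']|javascript:|\bon[a-z]+\s*=", re.IGNORECASE)

# Apache/nginx "combined"-style access log line (assumed format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines. "viewerParam" is a placeholder parameter
# name, not the real query parameter used by logViewer.jsf.
SAMPLE_LOG = """\
203.0.113.7 - - [25/Jun/2021:10:01:02 +0000] "GET /common/index.jsf HTTP/1.1" 200 5120
203.0.113.7 - - [25/Jun/2021:10:01:15 +0000] "GET /common/logViewer/logViewer.jsf?viewerParam=server HTTP/1.1" 200 8123
198.51.100.9 - - [25/Jun/2021:10:02:40 +0000] "GET /common/logViewer/logViewer.jsf?viewerParam=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 8200
198.51.100.9 - - [25/Jun/2021:10:03:01 +0000] "GET /common/logViewer/logViewer.jsf?viewerParam=x HTTP/1.1" 403 215
"""


def parse_line(line):
    """Split one access-log line into its fields; None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry):
    """Verdict for one parsed entry:
    None         - not the log viewer page, ignore
    "suspicious" - log viewer request whose query carries markup/script fragments
    "blocked"    - log viewer request the server refused (4xx): the workaround held
    "reached"    - log viewer request served without markup (still unwanted if
                   the page is supposed to be disabled)
    """
    parts = urlsplit(entry["target"])
    if parts.path != LOGVIEWER_PATH:
        return None
    # parse_qsl percent-decodes once; unquote again so a double-encoded
    # value (%253C -> %3C -> <) is inspected as well.
    for _name, value in parse_qsl(parts.query, keep_blank_values=True):
        if MARKUP_RE.search(unquote(value)):
            return "suspicious"
    if entry["status"].startswith("4"):
        return "blocked"
    return "reached"


def scan(log_text):
    """Return (ip, target, status, verdict) for every log viewer request."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        verdict = classify(entry)
        if verdict is not None:
            findings.append((entry["ip"], entry["target"], entry["status"], verdict))
    return findings


if __name__ == "__main__":
    for ip, target, status, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:10s} {status} {ip} {target}")
```

Run over the constructed sample, the second line is reported as "reached" (the page is still being served, so the block is not in place yet), the third as "suspicious" (the query decodes to markup), and the fourth as "blocked" (403, the workaround is effective). Any "reached" or "suspicious" line after the page has supposedly been disabled is worth a ticket; a "suspicious" line with a 2xx status means reflected content was delivered to whoever opened that URL, which in the CVSS vector above (UI:R) is the administrator the link was sent to.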

Exploit: XSS

Weakness Enumeration

Related Identifiers: CVE-2021-3314

Affected Products: Oracle GlassFish Server