PT-2023-7311 · Eclipse+1 · Eclipse Glassfish+1
Tr1Ple Kurosel · Published 2023-10-25 · Updated 2023-11-13 · CVE-2023-5763
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Eclipse Glassfish versions 5 or 6
Description
The issue exists due to insufficient input validation, allowing a remote attacker to load malicious code on the server. This can be achieved via access to insecure ORB listeners when running with old versions of JDK, specifically lower than 6u211, 7u201, or 8u191.
Recommendations
For Eclipse Glassfish versions 5 or 6, update the JDK to version 6u211, 7u201, or 8u191 or later to resolve the issue.
As a temporary workaround, consider restricting access to insecure ORB listeners until a patch is available.
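To check a host against the JDK minimums above, the following added example (not part of the advisory or of the GlassFish project) classifies a JDK version string as below, at, or outside the listed 6u211 / 7u201 / 8u191 thresholds. The function names and the "below" / "ok" / "unlisted" labels are hypothetical, and the input is assumed to be in the usual `java -version` forms.

```shell
#!/bin/sh
# Added example: compare a JDK version string with the minimum updates
# named in the advisory (6u211, 7u201, 8u191).

# banner_version: read `java -version` output on stdin and print the
# first quoted version string, e.g. 1.8.0_181.
banner_version() {
    sed -n '/version "/{s/.*version "\([^"]*\)".*/\1/p;q;}'
}

# jdk_status VERSION: print "below" (older than the listed minimum),
# "ok" (at or above it) or "unlisted" (not a 6/7/8 release line).
# Accepts 1.8.0_181, 1.8.0_191-b12, 8u181 and 1.8.0 (update 0).
jdk_status() {
    v=$1
    case $v in
        1.*) rest=${v#1.} ;;    # legacy scheme 1.<major>.0_<update>
        *)   rest=$v ;;         # short form <major>u<update>, or 9+
    esac
    major=${rest%%[!0-9]*}
    case $v in
        *_*) upd=${v#*_} ;;
        *u*) upd=${v#*u} ;;
        *)   upd=0 ;;
    esac
    upd=${upd%%[!0-9]*}         # drop suffixes such as -b12
    [ -n "$upd" ] || upd=0
    case $major in
        6) min=211 ;;
        7) min=201 ;;
        8) min=191 ;;
        *) echo unlisted; return 0 ;;
    esac
    if [ "$upd" -lt "$min" ]; then echo below; else echo ok; fi
}

# Typical use, against the JDK the GlassFish domain actually starts with
# (the path is a placeholder; java -version writes to stderr):
#   jdk_status "$(/path/to/jdk/bin/java -version 2>&1 | banner_version)"
```

Run it against the JDK the server process is launched with, which may differ from the `java` found on PATH.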
Fix
RCE
Related Identifiers
Affected Products
Eclipse Glassfish
Jdk