Eclipse GlassFish is vulnerable to Login Brute Force attacks through unlimited failed login attempts

GHSA-99f7-hp6j-v6q4 · CVE-2024-9342

Published Jul 16, 2025 · Modified Jul 18, 2025

Description

In Eclipse GlassFish version 7.0.16 or earlier, it is possible to perform login brute force attacks as there is no limitation on the number of failed login attempts.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-9342
PACKAGE https://github.com/eclipse-ee4j/glassfish
WEB https://gitlab.eclipse.org/security/cve-assignement/-/issues/33
WEB https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/231

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes