CVE-2024-9342
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk32th percentile - higher than 32% of all known CVEs
Summary
In Eclipse GlassFish versions before 8.0.3, it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts.
Risk Assessment
The lack of limits on login attempts can lead to unauthorized access to the system, posing a serious security threat to the organization.
Recommendation
It is recommended to upgrade to version 8.0.3 or later to take advantage of the built-in protection against brute force attacks.
Original NVD description (English source)
In Eclipse GlassFish versions before 8.0.3 it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts. GlassFish 8.0.3 adds automatic attack protection documented in https://glassfish.org/docs/latest/security-guide.html#brute-force-attack-protection .

