{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-9342","assignerOrgId":"e51fbebd-6053-4e49-959f-1b94eeb69a2c","state":"PUBLISHED","assignerShortName":"eclipse","dateReserved":"2024-09-30T15:55:47.833Z","datePublished":"2025-07-16T10:14:28.966Z","dateUpdated":"2026-06-18T13:59:24.218Z"},"containers":{"cna":{"providerMetadata":{"orgId":"e51fbebd-6053-4e49-959f-1b94eeb69a2c","shortName":"eclipse","dateUpdated":"2026-06-18T13:59:24.218Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-307","description":"CWE-307 Improper Restriction of Excessive Authentication Attempts","type":"CWE"}]}],"affected":[{"vendor":"Eclipse Foundation","product":"Eclipse Glassfish","versions":[{"status":"affected","version":"5.1.0","versionType":"semver"},{"status":"affected","version":"6.0.0","lessThanOrEqual":"6.2.5","versionType":"semver"},{"status":"affected","version":"7.0.0","lessThanOrEqual":"7.0.25","versionType":"semver"},{"status":"affected","version":"7.1.0","versionType":"semver"},{"status":"affected","version":"8.0.0","lessThan":"8.0.3","versionType":"semver"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"In Eclipse GlassFish versions before 8.0.3 it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts. GlassFish 8.0.3 adds automatic attack protection documented in  https://glassfish.org/docs/latest/security-guide.html#brute-force-attack-protection .","supportingMedia":[{"type":"text/html","base64":false,"value":"In Eclipse GlassFish versions before 8.0.3 it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts. GlassFish 8.0.3 adds automatic attack protection documented in <a href=\"https://glassfish.org/docs/latest/security-guide.html#brute-force-attack-protection\" rel=\"nofollow noreferrer noopener\" target=\"_blank\">https://glassfish.org/docs/latest/security-guide.html#brute-force-attack-protection</a>."}]}],"references":[{"url":"https://gitlab.eclipse.org/security/cve-assignement/-/issues/33"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","subConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","version":"4.0","baseSeverity":"MEDIUM","baseScore":6.3,"vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N"}}],"credits":[{"lang":"en","value":"Marco Ventura","type":"reporter"},{"lang":"en","value":"Claudia Bartolini","type":"reporter"},{"lang":"en","value":"Andrea Carlo Maria Dattola","type":"reporter"},{"lang":"en","value":"Debora Esposito","type":"reporter"},{"lang":"en","value":"Massimiliano Brolli","type":"reporter"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-07-16T14:28:27.927901Z","id":"CVE-2024-9342","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-16T14:39:49.251Z"}}]}}