{"api_version":"1","generated_at":"2026-06-22T12:40:27+00:00","cve":"CVE-2024-9342","urls":{"html":"https://cve.report/CVE-2024-9342","api":"https://cve.report/api/cve/CVE-2024-9342.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-9342","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-9342"},"summary":{"title":"CVE-2024-9342","description":"In Eclipse GlassFish versions before 8.0.3 it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts. GlassFish 8.0.3 adds automatic attack protection documented in  https://glassfish.org/docs/latest/security-guide.html#brute-force-attack-protection .","state":"PUBLISHED","assigner":"eclipse","published_at":"2025-07-16 11:15:23","updated_at":"2026-06-18 14:17:17"},"problem_types":["CWE-307","CWE-307 CWE-307 Improper Restriction of Excessive Authentication Attempts"],"metrics":[{"version":"4.0","source":"emo@eclipse.org","type":"Secondary","score":"6.3","severity":"MEDIUM","vector":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"6.3","severity":"MEDIUM","vector":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N","data":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"ADJACENT","baseScore":6.3,"baseSeverity":"MEDIUM","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"}},{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"references":[{"url":"https://gitlab.eclipse.org/security/cve-assignement/-/issues/33","name":"https://gitlab.eclipse.org/security/cve-assignement/-/issues/33","refsource":"emo@eclipse.org","tags":["Issue Tracking"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2024-9342","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-9342","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Eclipse Foundation","product":"Eclipse Glassfish","version":"affected 5.1.0 semver","platforms":[]},{"source":"CNA","vendor":"Eclipse Foundation","product":"Eclipse Glassfish","version":"affected 6.0.0 6.2.5 semver","platforms":[]},{"source":"CNA","vendor":"Eclipse Foundation","product":"Eclipse Glassfish","version":"affected 7.0.0 7.0.25 semver","platforms":[]},{"source":"CNA","vendor":"Eclipse Foundation","product":"Eclipse Glassfish","version":"affected 7.1.0 semver","platforms":[]},{"source":"CNA","vendor":"Eclipse Foundation","product":"Eclipse Glassfish","version":"affected 8.0.0 8.0.3 semver","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Marco Ventura","lang":"en"},{"source":"CNA","value":"Claudia Bartolini","lang":"en"},{"source":"CNA","value":"Andrea Carlo Maria Dattola","lang":"en"},{"source":"CNA","value":"Debora Esposito","lang":"en"},{"source":"CNA","value":"Massimiliano Brolli","lang":"en"}],"nvd_cpes":[{"cve_year":"2024","cve_id":"9342","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"eclipse","cpe5":"glassfish","cpe6":"7.0.16","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2024","cve_id":"9342","cve":"CVE-2024-9342","epss":"0.004030000","percentile":"0.319700000","score_date":"2026-06-21","updated_at":"2026-06-22 00:08:34"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2024-9342","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2025-07-16T14:28:27.927901Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-07-16T14:39:49.251Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Eclipse Glassfish","vendor":"Eclipse Foundation","versions":[{"status":"affected","version":"5.1.0","versionType":"semver"},{"lessThanOrEqual":"6.2.5","status":"affected","version":"6.0.0","versionType":"semver"},{"lessThanOrEqual":"7.0.25","status":"affected","version":"7.0.0","versionType":"semver"},{"status":"affected","version":"7.1.0","versionType":"semver"},{"lessThan":"8.0.3","status":"affected","version":"8.0.0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"reporter","value":"Marco Ventura"},{"lang":"en","type":"reporter","value":"Claudia Bartolini"},{"lang":"en","type":"reporter","value":"Andrea Carlo Maria Dattola"},{"lang":"en","type":"reporter","value":"Debora Esposito"},{"lang":"en","type":"reporter","value":"Massimiliano Brolli"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"In Eclipse GlassFish versions before 8.0.3 it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts. GlassFish 8.0.3 adds automatic attack protection documented in <a href=\"https://glassfish.org/docs/latest/security-guide.html#brute-force-attack-protection\" rel=\"nofollow noreferrer noopener\" target=\"_blank\">https://glassfish.org/docs/latest/security-guide.html#brute-force-attack-protection</a>."}],"value":"In Eclipse GlassFish versions before 8.0.3 it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts. GlassFish 8.0.3 adds automatic attack protection documented in  https://glassfish.org/docs/latest/security-guide.html#brute-force-attack-protection ."}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"ADJACENT","baseScore":6.3,"baseSeverity":"MEDIUM","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-307","description":"CWE-307 Improper Restriction of Excessive Authentication Attempts","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-18T13:59:24.218Z","orgId":"e51fbebd-6053-4e49-959f-1b94eeb69a2c","shortName":"eclipse"},"references":[{"url":"https://gitlab.eclipse.org/security/cve-assignement/-/issues/33"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"Vulnogram 0.2.0"}}},"cveMetadata":{"assignerOrgId":"e51fbebd-6053-4e49-959f-1b94eeb69a2c","assignerShortName":"eclipse","cveId":"CVE-2024-9342","datePublished":"2025-07-16T10:14:28.966Z","dateReserved":"2024-09-30T15:55:47.833Z","dateUpdated":"2026-06-18T13:59:24.218Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-07-16 11:15:23","lastModifiedDate":"2026-06-18 14:17:17","problem_types":["CWE-307","CWE-307 CWE-307 Improper Restriction of Excessive Authentication Attempts"],"metrics":{"cvssMetricV40":[{"source":"emo@eclipse.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-07-16T14:28:27.927901Z","id":"CVE-2024-9342","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eclipse:glassfish:7.0.16:*:*:*:*:*:*:*","matchCriteriaId":"828489CE-9554-45A6-9D05-E43ABC8A04AE"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2024","CveId":"9342","Ordinal":"1","Title":"CVE-2024-9342","CVE":"CVE-2024-9342","Year":"2024"},"notes":[{"CveYear":"2024","CveId":"9342","Ordinal":"1","NoteData":"In Eclipse GlassFish versions before 8.0.3 it is possible to perform Login Brute Force attacks as there is no limitation in the number of failed login attempts. GlassFish 8.0.3 adds automatic attack protection documented in  https://glassfish.org/docs/latest/security-guide.html#brute-force-attack-protection .","Type":"Description","Title":"CVE-2024-9342"}]}}}