GHSA-96v6-hq43-x9h4CriticalCVSS 9.1
GlassFish's Administration Console is Vulnerable to RCE
🔗 CVE IDs covered (1)
📋 Description
An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user.
🎯 Affected products2
- maven/org.glassfish.main.admingui:console-common:< 8.0.2
- maven/org.glassfish.jsftemplating:jsftemplating:< 4.2.0