Sign-up

ID

VAR-202106-2180


TITLE

Arbitrary file reading vulnerability exists in GlassFish

Trust: 0.6

sources: CNVD: CNVD-2021-37358

DESCRIPTION

GlassFish is a robust commercial compatible application server. GlassFish has an arbitrary file reading vulnerability, which can be exploited by attackers to obtain sensitive information.

Trust: 0.6

sources: CNVD: CNVD-2021-37358

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-37358

AFFECTED PRODUCTS

vendor:glassfishmodel:glassfishscope:lteversion:<=4.1.2

Trust: 0.6

sources: CNVD: CNVD-2021-37358

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2021-37358
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2021-37358
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2021-37358

EXTERNAL IDS

db:CNVDid:CNVD-2021-37358

Trust: 0.6

sources: CNVD: CNVD-2021-37358

SOURCES

db:CNVDid:CNVD-2021-37358

LAST UPDATE DATE

2022-05-04T09:37:45.950000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-37358date:2021-05-27T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-37358date:2021-06-17T00:00:00