Description
In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.
Remediation
References
https://gitlab.eclipse.org/security/cve-assignement/-/issues/14
https://glassfish.org/docs/latest/security-guide.html#securing-glassfish-server
Related Vulnerabilities
CVE-2021-21656 Vulnerability in maven package org.jenkins-ci.plugins:xcode-plugin
CVE-2020-1729 Vulnerability in maven package io.smallrye.config:smallrye-config
CVE-2022-23305 Vulnerability in maven package log4j:log4j
CVE-2020-1731 Vulnerability in maven package org.keycloak:keycloak-core
CVE-2020-14968 Vulnerability in maven package org.webjars.bowergithub.kjur:jsrsasign