In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.
{
"cwe_ids": [
"CWE-20",
"CWE-913"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/5xxx/CVE-2023-5763.json",
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "6.0.0"
},
{
"last_affected": "6.2.5"
},
{
"introduced": "5.0"
},
{
"last_affected": "5.1"
}
],
"source": "AFFECTED_FIELD"
}
],
"cna_assigner": "eclipse"
}{
"cpe": "cpe:2.3:a:eclipse:glassfish:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "5.0.0"
},
{
"last_affected": "6.2.5"
}
],
"source": "CPE_RANGE"
}