CVE-2024-9342: Eclipse GlassFish is vulnerable to Login Brute Force attacks through unlimited failed login attempts

July 16, 2025 (updated July 18, 2025)

In Eclipse GlassFish version 7.0.16 or earlier, it is possible to perform login brute force attacks as there is no limitation on the number of failed login attempts.

References

github.com/advisories/GHSA-99f7-hp6j-v6q4
github.com/eclipse-ee4j/glassfish
gitlab.eclipse.org/security/cve-assignement/-/issues/33
gitlab.eclipse.org/security/vulnerability-reports/-/issues/231
nvd.nist.gov/vuln/detail/CVE-2024-9342

Code Behaviors & Features

Detect and mitigate CVE-2024-9342 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →