CVE-2024-8646

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Sep 11, 2024
CWE ID 601

Summary

CVE-2024-8646 is a URL redirection vulnerability affecting Eclipse GlassFish versions prior to 7.0.10, which allows redirection to untrusted sites due to an underlying issue (CVE-2023-41080) in the Apache code. This vulnerability impacts applications specifically deployed to the root context ('/'), posing a medium risk with a CVSS base score of 6.1, where user interaction is required for exploitation and no special privileges are needed. To remediate this vulnerability, organizations should upgrade to GlassFish version 7.0.10 or later. The potential danger includes exposing users to phishing attacks or malicious sites, as it could redirect them from legitimate applications without their knowledge. While the integrity and confidentiality impacts are rated low, organizations should remain vigilant due to the nature of URL redirection vulnerabilities.
