Vulnerability Details : CVE-2017-3626
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
Products affected by CVE-2017-3626
- cpe:2.3:a:oracle:glassfish_server:3.1.2:*:*:*:*:*:*:*
Threat overview for CVE-2017-3626
Top countries where our scanners detected CVE-2017-3626
Top open port discovered on systems with this issue
80
IPs affected by CVE-2017-3626 149
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2017-3626!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2017-3626
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 47 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-3626
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.6
|
LOW | AV:N/AC:H/Au:N/C:P/I:N/A:N |
4.9
|
2.9
|
NIST | |
3.1
|
LOW | CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
1.6
|
1.4
|
NIST |
References for CVE-2017-3626
-
http://www.securitytracker.com/id/1038293
Sun GlassFish Enterprise Server Flaw in Java Server Faces Lets Remote Users Access Data on the Target System - SecurityTracker
-
http://www.securityfocus.com/bid/97896
Oracle GlassFish Server CVE-2017-3626 Remote Security VulnerabilityThird Party Advisory;VDB Entry
-
http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
Oracle Critical Patch Update - April 2017Patch;Vendor Advisory
Jump to