CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-2712

In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 36.8%

CVSS Severity

CVSS v3 Score 6.5

References

https://bugs.eclipse.org/580502
https://bugs.eclipse.org/580502

Products affected by CVE-2022-2712

Eclipse » Glassfish » Version: 5.1.0

cpe:2.3:a:eclipse:glassfish:5.1.0
Eclipse » Glassfish » Version: 6.0.0

cpe:2.3:a:eclipse:glassfish:6.0.0
Eclipse » Glassfish » Version: 6.2.5

cpe:2.3:a:eclipse:glassfish:6.2.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-2712

Products

Pricing

Contact Us