CVE-2024-8646
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-8646 is a URL redirection vulnerability affecting Eclipse GlassFish versions prior to 7.0.10. It allows redirection to untrusted sites and stems from an underlying issue (CVE-2023-41080) in the Apache code. Only applications deployed to the root context ('/') are affected. The CVSS base score is 6.1 (medium): exploitation requires user interaction, and no special privileges are needed. To remediate this vulnerability, organizations should upgrade to GlassFish version 7.0.10 or later. The potential danger is that users can be redirected from a legitimate application to phishing or other malicious sites without their knowledge. Although the integrity and confidentiality impacts are rated low, organizations should remain vigilant because of the nature of URL redirection vulnerabilities.