CVE-2024-9329

MEDIUM Year: 2024
CVSS v3 Score
6.1
Medium
Weakness Type
CWE-233
View all →

Vulnerability Description

In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.

Related Vulnerabilities

CVE-2024-20306

MEDIUM
CVSS:6.0(Medium)

A vulnerability in the Unified Threat Defense (UTD) configuration CLI of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying host...

CWE-2332024

CVE-2023-1419

MEDIUM
CVSS:5.9(Medium)

A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a...

CWE-2332023

CVE-2020-10069

MEDIUM
CVSS:6.5(Medium)

Zephyr Bluetooth unchecked packet data results in denial of service. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Parameters (CWE-233). For more information, see https://github.c...

CWE-2332020

CVE-2021-45477

MEDIUM
CVSS:6.5(Medium)

Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users.This issue affects Library Automation System: before...

CWE-2332021

CVE-2021-45478

MEDIUM
CVSS:6.5(Medium)

Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users.This issue affects Library Automation System: before...

CWE-2332021

CVE-2023-28898

MEDIUM
CVSS:5.3(Medium)

The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. This issue allows an attacker connected to the...

CWE-2332023