Critical severity9.8NVD Advisory· Published Jul 17, 2017· Updated May 13, 2026

CVE-2017-1000030

Description

Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to the web-based administration interface.

Affected products

Oracle Corporation/Glassfish Server
cpe:2.3:a:oracle:glassfish_server:3.0.1:*:*:*:open_source:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/nvdMailing ListThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000