A JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 (Enterprise), 5.20.0 and newer (Enterprise), and 5.2020.1 and newer (Community), when Java 1.8u181 and earlier is used, allows remote attackers to load malicious code on the server once a JNDI directory scan is performed.
References
Link | Resource |
---|---|
https://blog.payara.fish/vulnerability-affecting-server-environments-on-java-1.8-on-updates-lower-than-1.8u191 | Mitigation Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
07 Apr 2023, 17:19
Type | Values Removed | Values Added |
---|---|---|
First Time |
Oracle
Oracle jdk Payara payara Server Payara |
|
CWE | NVD-CWE-noinfo | |
References | (MISC) https://blog.payara.fish/vulnerability-affecting-server-environments-on-java-1.8-on-updates-lower-than-1.8u191 - Mitigation, Vendor Advisory | |
CPE | cpe:2.3:a:oracle:jdk:1.8.0:update181:*:*:*:*:*:* cpe:2.3:a:payara:payara_server:*:*:*:*:enterprise:*:*:* cpe:2.3:a:payara:payara_server:*:*:*:*:community:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
30 Mar 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-30 20:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-28462
Mitre link : CVE-2023-28462
CVE.ORG link : CVE-2023-28462
JSON object : View
Products Affected
payara
- payara_server
oracle
- jdk
CWE