A JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 (Enterprise), 5.20.0 and newer (Enterprise), and 5.2020.1 and newer (Community), when Java 1.8u181 and earlier is used, allows remote attackers to load malicious code on the server once a JNDI directory scan is performed.
Metrics
Affected Vendors & Products
References
History
Tue, 18 Feb 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-502 | |
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: mitre
Published: 2023-03-30T00:00:00.000Z
Updated: 2025-02-18T19:00:42.236Z
Reserved: 2023-03-15T00:00:00.000Z
Link: CVE-2023-28462

Updated: 2024-08-02T12:38:25.310Z

Status : Modified
Published: 2023-03-30T20:15:07.733
Modified: 2025-02-18T19:15:11.523
Link: CVE-2023-28462

No data.