A JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 (Enterprise), 5.20.0 and newer (Enterprise), and 5.2020.1 and newer (Community), when Java 1.8u181 and earlier is used, allows remote attackers to load malicious code on the server once a JNDI directory scan is performed.
References
| Link | Resource |
|---|---|
| https://blog.payara.fish/vulnerability-affecting-server-environments-on-java-1.8-on-updates-lower-than-1.8u191 | Mitigation, Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-03-30T00:00:00
Updated: 2023-03-30T00:00:00
Reserved: 2023-03-15T00:00:00
Link: CVE-2023-28462
NVD Information
Status: Analyzed
Published: 2023-03-30T20:15:07.733
Modified: 2023-04-07T17:19:22.730
Link: CVE-2023-28462
Redhat Information
No data.
CWE