Critical severity · NVD Advisory · Published Mar 30, 2023 · Updated Feb 18, 2025
CVE-2023-28462
Description
A JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 (Enterprise), 5.20.0 and newer (Enterprise), and 5.2020.1 and newer (Community), when Java 1.8u181 and earlier is used, allows remote attackers to load malicious code on the server once a JNDI directory scan is performed.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| fish.payara.server:payara-aggregator (Maven) | >= 5.2020.1, < 6.2022.1.Alpha3 | 6.2022.1.Alpha3 |