VYPR
Critical severity · NVD Advisory · Published Mar 30, 2023 · Updated Feb 18, 2025

CVE-2023-28462

Description

A JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 (Enterprise), 5.20.0 and newer (Enterprise), and 5.2020.1 and newer (Community), when Java 1.8u181 and earlier is used, allows remote attackers to load malicious code on the server once a JNDI directory scan is performed.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: fish.payara.server:payara-aggregator (Maven)
Affected versions: >= 5.2020.1, < 6.2022.1.Alpha3
Patched versions: 6.2022.1.Alpha3
