CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-28462

A JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 (Enterprise), 5.20.0 and newer (Enterprise), and 5.2020.1 and newer (Community), when Java 1.8u181 and earlier is used, allows remote attackers to load malicious code on the server once a JNDI directory scan is performed.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.013

EPSS Ranking 79.2%

CVSS Severity

CVSS v3 Score 9.8

References

https://blog.payara.fish/vulnerability-affecting-server-environments-on-java-1.8-on-updates-lower-than-1.8u191
https://blog.payara.fish/vulnerability-affecting-server-environments-on-java-1.8-on-updates-lower-than-1.8u191

Products affected by CVE-2023-28462

Oracle » Jdk » Version: 1.8.0

cpe:2.3:a:oracle:jdk:1.8.0
Payara » Payara Server » Version: Any

cpe:2.3:a:payara:payara_server:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-28462

Products

Pricing

Contact Us