vulnerability context

CVE-2023-28462

CVSS 9.8 CRITICALEPSS 56%CWE-502

A JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 (Enterprise), 5.20.0 and newer (Enterprise), and 5.2020.1 and newer (Community), when Java 1.8u181 and earlier is used, allows remote attackers to load malicious code on the server once a JNDI directory scan is performed.

Published 2023-03-30 · last modified 2026-06-17

details

CISA KEV status: Not in catalog
CVSS v3: 9.8 / CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 56% percentile (score 0.0093)
CWE: CWE-502
OTX pulses: 0 total, 0 recent

View on NVD → · cve.org

source mentions 1

[CyberHub] 📌 CVE-2023-28462 - A JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 (Enterprise), 5.20...Bluesky:@cyberhub.blog · 1d ago

source consensus

Bluesky:@cyberhub.blog1×

Want the 3-bullet summary of CVE-2023-28462, plus webhook alerts when KEV is updated? Pro is $10/mo.

Open in reader See Pro →