
CVE-2023-28462: Payara Server allows remote attackers to load malicious code on the server once a JNDI directory scan is performed

CVSS Score (CVSS 3.1)
9.8

Basic Information

EPSS Score
0.79144%
Published
3/30/2023
Updated
2/18/2025
KEV Status
No
Technology
Java

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name: fish.payara.server:payara-aggregator
Ecosystem: maven
Vulnerable Versions: >= 5.2020.1, < 6.2022.1.Alpha3
First Patched Version: 6.2022.1.Alpha3

Vulnerability Intelligence
Root Cause Analysis (Miggo AI)

The vulnerability description explicitly identifies the JNDI rebind operation in the default ORB listener as the attack vector. The CWE-502 (deserialization) and the dependency on outdated Java versions (pre-1.8u191) confirm the root cause: insecure JNDI operations combined with Java's historical support for remote class loading via LDAP/RMI. The ORB listener's lack of SSL/TLS enforcement or authentication in affected Payara versions makes the rebind operation exploitable. While the exact code location isn't provided in the advisory, the technical description and mitigation measures (securing/disabling ORB listeners) strongly implicate the JNDI rebind functionality in the ORB listener component.
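The analysis above ties exploitability to two runtime conditions: a JVM older than 8u191 and JNDI remote codebase loading being enabled. The following is an added pre-deployment check (example code, not Payara's or Miggo's) that reports whether either condition holds on the JVM it runs in; the class and method names are assumptions, and the two trustURLCodebase system properties are the standard JDK switches that govern LDAP and RMI remote class loading.

```java
import java.util.ArrayList;
import java.util.List;

/** Added example: preflight for the JNDI remote-codebase exposure described above. */
public final class JndiCodebasePreflight {

    /** True if the version string is Java 8 before update 191, or any older release.
     *  The 8u191 boundary is the one the advisory analysis names. */
    static boolean isPreJava8u191(String v) {
        // Legacy scheme "1.x.0_NNN" (Java 8 and older); Java 9+ ("11.0.2", "17") is past 8u191
        if (!v.startsWith("1.")) return false;
        int major = Integer.parseInt(v.split("\\.")[1]);
        if (major != 8) return major < 8;
        int u = v.indexOf('_');
        if (u < 0) return true;                           // "1.8.0" with no update: GA build, old
        String update = v.substring(u + 1).split("-")[0]; // drop suffixes such as "-ea"
        return Integer.parseInt(update) < 191;
    }

    /** Returns one finding per risky condition; an empty list means none was detected. */
    static List<String> findings(String javaVersion, String ldapTrust, String rmiTrust) {
        List<String> out = new ArrayList<>();
        if (isPreJava8u191(javaVersion)) {
            out.add("JVM " + javaVersion + " predates 8u191: LDAP remote codebase loading is on by default");
        }
        // Since 8u191 (LDAP) and 8u121 (RMI) these default to false; setting them true re-enables the risk
        if ("true".equalsIgnoreCase(ldapTrust)) {
            out.add("com.sun.jndi.ldap.object.trustURLCodebase=true re-enables LDAP remote class loading");
        }
        if ("true".equalsIgnoreCase(rmiTrust)) {
            out.add("com.sun.jndi.rmi.object.trustURLCodebase=true re-enables RMI remote class loading");
        }
        return out;
    }

    public static void main(String[] args) {
        List<String> f = findings(System.getProperty("java.version"),
                System.getProperty("com.sun.jndi.ldap.object.trustURLCodebase"),
                System.getProperty("com.sun.jndi.rmi.object.trustURLCodebase"));
        if (f.isEmpty()) System.out.println("OK: no JNDI remote-codebase exposure detected");
        for (String s : f) System.out.println("WARN: " + s);
    }
}
```

Run it with the same JVM and the same -D system properties that the Payara domain starts with; a clean result does not replace upgrading to a patched Payara build or securing the ORB listener, it only confirms the JVM-side conditions are closed.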
