Description
A JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 (Enterprise), 5.20.0 and newer (Enterprise), and 5.2020.1 and newer (Community), when Java 1.8u181 and earlier is used, allows remote attackers to load malicious code on the server once a JNDI directory scan is performed.
Remediation
References
https://blog.payara.fish/vulnerability-affecting-server-environments-on-java-1.8-on-updates-lower-than-1.8u191
Related Vulnerabilities
CVE-2020-6532 Vulnerability in npm package electron
CVE-2017-1000362 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2018-1328 Vulnerability in maven package org.apache.zeppelin:zeppelin
CVE-2023-4853 Vulnerability in maven package io.quarkus:quarkus-undertow
CVE-2023-46731 Vulnerability in maven package org.xwiki.platform:xwiki-platform-administration-ui