CVE-2023-28462

9.8 CRITICAL

📋 TL;DR

This vulnerability allows a remote, unauthenticated attacker to load and execute arbitrary code on Payara Server by performing a JNDI rebind through the default ORB (IIOP) listener; the attacker-controlled class is loaded once a JNDI directory scan is triggered on the server. It affects Payara Server Enterprise and Community editions running on Java 1.8u181 or earlier. Successful exploitation gives the attacker full control of the server process.

💻 Affected Systems

Products:
  • Payara Server Enterprise
  • Payara Server Community
Versions: Enterprise: 4.1.2.191, and 5.20.0 onward; Community: 5.2020.1 onward (up to the fixed releases named in the vendor advisory)
Operating Systems: All operating systems running Java 1.8u181 or earlier
Default Config Vulnerable: ⚠️ Yes
Notes: Only vulnerable when using Java 1.8u181 or earlier versions. Java 1.8u191+ is not affected.

📦 What is this software?

Payara Server is a Jakarta EE application server derived from GlassFish. The ORB listener is its IIOP endpoint (default TCP port 3700), used for RMI-IIOP access to remote EJBs and for the CORBA naming service that backs JNDI over IIOP.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise, data exfiltration, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Remote code execution allowing attackers to install backdoors, steal sensitive data, or use the server as part of a botnet.

🟢

If Mitigated

Limited impact if proper network segmentation and access controls prevent exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires a JNDI directory scan to be triggered on the server after the attacker has rebound a name through the ORB listener; once that scan runs, the rebound reference causes the server to load the attacker's class, so the remaining steps are straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Update to the fixed Community or Enterprise release named in the vendor advisory below

Vendor Advisory: https://blog.payara.fish/vulnerability-affecting-server-environments-on-java-1.8-on-updates-lower-than-1.8u191

Restart Required: Yes

Instructions:

1. Back up your domain configuration and deployed applications.
2. Download the patched version from Payara's website.
3. Stop the Payara Server.
4. Install the updated version.
5. Restore the configuration and applications.
6. Restart the server.

🔧 Temporary Workarounds

Upgrade Java Runtime

Platform: all

Update Java to version 1.8u191 or later (or a supported newer feature release) to mitigate the vulnerability. After installing, confirm that the domain actually starts on the updated JVM: Payara picks the JDK from AS_JAVA in glassfish/config/asenv.conf or from JAVA_HOME, so a package update on the host does not help if the server is pinned to an older JDK. Restart the domain afterwards.

sudo apt update && sudo apt install openjdk-8-jdk
yum update java-1.8.0-openjdk

Disable ORB Listener

Platform: all

Disable the default IIOP listener in the Payara Server configuration. The default listener id is orb-listener-1 (port 3700); repeat for any additional IIOP listeners you have defined (the default SSL listeners are orb-listener-1 only in a fresh domain, but check with asadmin get). This removes the attack vector but also breaks remote EJB and IIOP clients, so confirm nothing depends on it first. A restart is needed for the change to take effect.

asadmin set configs.config.server-config.iiop-service.iiop-listener.orb-listener-1.enabled=false

🧯 If You Can't Patch

  • Restrict access to the ORB listener port (TCP 3700 by default, plus any SSL IIOP listener ports) at the host or network firewall to the specific clients that need RMI-IIOP access
  • Do not rely on a web application firewall: the ORB listener speaks IIOP/GIOP, not HTTP, so WAF rules never see the rebind traffic
  • Restrict outbound LDAP, RMI and HTTP connections from the server, since the rebound reference must fetch the malicious class from an attacker-controlled host

🔍 How to Verify

Check if Vulnerable:

Run asadmin version for the Payara release and java -version for the JVM update level; run the latter with the JDK Payara actually launches with (AS_JAVA in asenv.conf or JAVA_HOME), not just the first java on PATH. The server is vulnerable when the Payara release falls in the affected range and the JVM is Java 8 below update 191.

Check Version:

asadmin version

Verify Fix Applied:

Verify that the Payara version is at or above the fixed release named in the vendor advisory, and that the JVM the domain runs on is Java 1.8u191 or later.
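A checker for the JVM half of this test, added here as an example and not part of the original page or Payara's own tooling. It parses the first line of java -version output (the JVM prints it to stderr), handles both the legacy 1.8.0_181 numbering and the newer 11.0.19 / 17 numbering, and flags only the Java 8 family below update 191, the boundary the vendor advisory gives. The version strings in the docstring are constructed; FIXED_JAVA8_UPDATE and the function names are this example's own.

```python
import re
import subprocess

# Boundary from the Payara advisory: Java 8 updates below u191 are affected.
FIXED_JAVA8_UPDATE = 191

# Matches both the legacy "1.8.0_181-b13" scheme and the newer "11.0.19" / "17" scheme.
_VERSION_RE = re.compile(r'"(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:_(\d+))?')


def parse_java_version(version_output):
    """Return (feature_release, update) parsed from `java -version` text.

    Constructed examples:
      'openjdk version "1.8.0_181-b13"' -> (8, 181)
      'openjdk version "11.0.19"'        -> (11, 0)
      'openjdk version "17"'             -> (17, 0)
    """
    m = _VERSION_RE.search(version_output)
    if not m:
        raise ValueError(f"no Java version string found in: {version_output!r}")
    major, minor, _patch, update = m.groups()
    # Legacy numbering ("1.8.0_181") carries the feature release in the second field.
    feature = int(minor or 0) if int(major) == 1 else int(major)
    return feature, int(update or 0)


def java_is_affected(version_output):
    """True when the JVM is Java 8 below update 191, the range the advisory names."""
    feature, update = parse_java_version(version_output)
    return feature == 8 and update < FIXED_JAVA8_UPDATE


def installed_java_version_output(java_binary="java"):
    """Run `java -version` and return its text (the JVM writes it to stderr)."""
    proc = subprocess.run([java_binary, "-version"], capture_output=True, text=True, check=True)
    return proc.stderr or proc.stdout


if __name__ == "__main__":
    # Point java_binary at the JDK Payara launches with (AS_JAVA in asenv.conf or
    # JAVA_HOME); the first java on PATH may not be the one the domain uses.
    out = installed_java_version_output()
    print(out.splitlines()[0])
    print("AFFECTED: Java 8 below u191" if java_is_affected(out) else "JVM not in the affected range")
```

Pass the full path of the JDK's java binary when the domain is pinned via AS_JAVA; a clean result from the host-default JVM says nothing about the one Payara actually runs on.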

📡 Detection & Monitoring

Log Indicators:

  • Unusual JNDI lookup patterns
  • ORB listener access from unexpected sources
  • Class loading from remote sources

Network Indicators:

  • Inbound connections to the ORB listener port (default TCP 3700) from hosts that are not known RMI-IIOP clients
  • Outbound LDAP, RMI or HTTP connections from the application server to unexpected hosts, which is what fetching the rebound class looks like on the wire

SIEM Query:

source="*/server.log" AND ("JNDI" OR "ORB") AND ("rebind" OR "lookup")

(Payara writes its log to server.log under the domain's logs directory; adjust the source pattern to match how your collector names it.)
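The two indicator classes above, run over constructed sample records as an added example; this is not code from the page or from Payara. The connection-record format (src=, dst=, dport=), the server.log line wording, the trusted IIOP client range 10.0.0.0/24 and the function names are all assumptions to adapt to your own flow logs and collector. The log-side heuristic pairs a JNDI bind/rebind/lookup with a remote codebase URL, which is the combination a class-loading rebind leaves behind; a lookup on its own is normal application traffic and is not flagged.

```python
import ipaddress
import re

ORB_PORT = 3700  # default Payara/GlassFish IIOP listener port

# Assumption: only these networks should ever reach the ORB listener.
TRUSTED_IIOP_CLIENTS = [ipaddress.ip_network("10.0.0.0/24")]

# Constructed connection-record format; adapt the regex to your flow logs.
CONN_RE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)")

# A JNDI operation mentioned alongside a remote codebase URL is the pattern worth triaging.
JNDI_OP_RE = re.compile(r"\b(rebind|bind|lookup)\b", re.IGNORECASE)
REMOTE_CODEBASE_RE = re.compile(r"\b(?:ldaps?|rmi|iiop|https?)://[^\s\"']+", re.IGNORECASE)


def flag_untrusted_orb_connections(lines, trusted=TRUSTED_IIOP_CLIENTS, port=ORB_PORT):
    """Return connection records that hit the ORB port from outside the trusted ranges."""
    hits = []
    for line in lines:
        m = CONN_RE.search(line)
        if not m or int(m.group("dport")) != port:
            continue
        src = ipaddress.ip_address(m.group("src"))
        if not any(src in net for net in trusted):
            hits.append(line)
    return hits


def flag_suspicious_jndi_lines(lines):
    """Return log lines that pair a JNDI bind/rebind/lookup with a remote codebase URL."""
    return [
        line for line in lines
        if JNDI_OP_RE.search(line) and REMOTE_CODEBASE_RE.search(line)
    ]


# Constructed samples for illustration; not real Payara or flow-log output.
SAMPLE_CONN_LOG = [
    "2023-03-21T10:02:11Z src=10.0.0.17 dst=10.0.0.5 dport=3700",
    "2023-03-21T10:02:13Z src=203.0.113.9 dst=10.0.0.5 dport=3700",
    "2023-03-21T10:02:14Z src=203.0.113.9 dst=10.0.0.5 dport=8080",
]

SAMPLE_SERVER_LOG = [
    "[constructed] JNDI lookup of java:comp/env/jdbc/app by app-thread-1",
    "[constructed] JNDI rebind of name Foo to a Reference whose factory location is ldap://203.0.113.9:1389/x",
    "[constructed] ORB listener orb-listener-1 listening on port 3700",
]

if __name__ == "__main__":
    for hit in flag_untrusted_orb_connections(SAMPLE_CONN_LOG):
        print("untrusted ORB client:", hit)
    for hit in flag_suspicious_jndi_lines(SAMPLE_SERVER_LOG):
        print("suspicious JNDI line:", hit)
```

Run against real data, the first function wants your flow or firewall records for the Payara host and the second the domain's server.log; the trusted-range check is the higher-signal one, because any ORB connection from outside the known client set is worth a look regardless of what ends up in the log.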
