vulnerability
CentOS Linux: CVE-2023-38264: Moderate: java-1.8.0-ibm security update (CESA-2024:4160)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:H/Au:N/C:N/I:N/A:C) | May 14, 2024 | Jun 28, 2024 | Feb 18, 2025 |
Severity
5
CVSS
(AV:N/AC:H/Au:N/C:N/I:N/A:C)
Published
May 14, 2024
Added
Jun 28, 2024
Modified
Feb 18, 2025
Description
The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: 260578.
Solutions
centos-upgrade-java-1-8-0-ibmcentos-upgrade-java-1-8-0-ibm-democentos-upgrade-java-1-8-0-ibm-develcentos-upgrade-java-1-8-0-ibm-jdbccentos-upgrade-java-1-8-0-ibm-plugincentos-upgrade-java-1-8-0-ibm-src
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.