vulnerability
Red Hat: CVE-2023-38264: JDK: Object Request Broker (ORB) denial of service (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:N/I:N/A:C) | May 14, 2024 | Jun 7, 2024 | Mar 27, 2026 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published
May 14, 2024
Added
Jun 7, 2024
Modified
Mar 27, 2026
Description
The IBM SDK, Java Technology Edition's Object Request Broker (ORB) 7.1.0.0 through 7.1.5.21 and 8.0.0.0 through 8.0.8.21 is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM X-Force ID: 260578.
Solutions
redhat-upgrade-java-1-8-0-ibmredhat-upgrade-java-1-8-0-ibm-demoredhat-upgrade-java-1-8-0-ibm-develredhat-upgrade-java-1-8-0-ibm-headlessredhat-upgrade-java-1-8-0-ibm-jdbcredhat-upgrade-java-1-8-0-ibm-pluginredhat-upgrade-java-1-8-0-ibm-srcredhat-upgrade-java-1-8-0-ibm-webstart
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.