IIOP, or Internet Inter-ORB Protocol, is a network protocol used by CORBA middleware so distributed objects can communicate across different systems and languages. In enterprise environments, it often appears in application servers, integration platforms, and legacy Java middleware that support CORBA interoperability.
In cyber security, IIOP matters because it can expose non-obvious attack surface beyond standard web ports. If a middleware service listens on IIOP and is reachable from untrusted networks, attackers may probe it for deserialization bugs, authentication weaknesses, or remote code execution paths. Defenders reduce risk by inventorying IIOP-enabled services, restricting network access, disabling unused listeners, and applying vendor patches. In practice, reviewing IIOP exposure is part of hardening middleware that may otherwise look "internal" but still be reachable and exploitable.