Java Deserialization Vulnerability Detected Message Returned on Security Check of OAG (Doc ID 2731831.1)

Last updated on FEBRUARY 06, 2024

Applies to:

Oracle API Gateway - Version 11.1.2.4.0 and later
Information in this document applies to any platform.

Goal

It has been determined that a security scan of the OAG product returns the following vulnerabilty:

Title: Java Deserialization Vulnerability Detected

Severity Level: 5
Vulnerability Type: Confirmed Vulnerability
Discovery Method: Remote Only
QID: 11837
Category: CGI

Threat: The host runs a Java application that suffers from Java Deserialization vulnerability. The application accepts serialized objects, however it does not validate or check untrusted input before deserializing it.

Impact: An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary Java code on the system.

This was determined to be found on the CacheManager process running on the system.

How can this vulnerability be avoided?

Solution

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

Goal

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

Java Deserialization Vulnerability Detected Message Returned on Security Check of OAG (Doc ID 2731831.1)

Applies to:

Goal

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!