
Java Deserialization Vulnerability Detected Message Returned on Security Check of OAG (Doc ID 2731831.1)

Last updated on FEBRUARY 06, 2024

Applies to:

Oracle API Gateway - Version and later
Information in this document applies to any platform.


It has been determined that a security scan of the OAG product returns the following vulnerability:

Title: Java Deserialization Vulnerability Detected
Severity Level: 5
Vulnerability Type: Confirmed Vulnerability
Discovery Method: Remote Only
QID: 11837
Category: CGI
Threat: The host runs a Java application that suffers from a Java deserialization vulnerability. The application accepts serialized objects, but it does not validate or check untrusted input before deserializing it.

Impact: An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary Java code on the system.
The finding was traced to the CacheManager process running on the system.
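The scanner's description above (objects are read from untrusted input with no check on what classes they may instantiate) is the pattern the following added example contrasts with a JEP 290 ObjectInputFilter allowlist; this is illustrative code written for this note, not Oracle's remediation for OAG or the CacheManager process, and it assumes a standalone Java 9+ application with constructed sample payloads.

```java
import java.io.*;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;

// Added example (not from the Oracle article): unfiltered deserialization
// beside the same read guarded by an ObjectInputFilter allowlist.
public class DeserializationFilterDemo {

    // Unsafe pattern the scanner reports: any serializable class on the
    // classpath may be instantiated from bytes the caller does not control.
    static Object readUnfiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }

    // Hardened pattern: only the classes this endpoint expects are accepted,
    // nesting depth is capped, and everything else is rejected before any
    // constructor or readObject() of an unexpected class can run.
    static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        ObjectInputFilter allowlist = ObjectInputFilter.Config.createFilter(
                "maxdepth=8;java.lang.String;java.util.ArrayList;!*");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(allowlist);
            return in.readObject();
        }
    }

    // Helper to build constructed sample payloads for the demo.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new ArrayList<>(List.of("a", "b")));
        byte[] unexpected = serialize(new HashMap<String, String>()); // constructed stand-in

        System.out.println("unfiltered accepted: " + readUnfiltered(unexpected).getClass());
        System.out.println("filtered accepted:   " + readFiltered(expected));
        try {
            readFiltered(unexpected);
        } catch (InvalidClassException e) {
            System.out.println("filtered rejected:   " + e.getMessage());
        }
    }
}
```

The filter is consulted for every class resolved from the stream, so the HashMap payload is rejected by the trailing `!*` rule before it is instantiated, while the expected ArrayList of Strings deserializes normally.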

How can this vulnerability be avoided?


