Java Deserialization Vulnerability Detected Message Returned on Security Check of OAG
(Doc ID 2731831.1)
Last updated on DECEMBER 01, 2020
Applies to: Oracle API Gateway - Version 18.104.22.168.0 and later
Information in this document applies to any platform.
It has been determined that a security scan of the OAG product returns the following vulnerability:
Title: Java Deserialization Vulnerability Detected
Severity Level: 5
Vulnerability Type: Confirmed Vulnerability
Discovery Method: Remote Only
Threat: The host runs a Java application that suffers from a Java deserialization vulnerability. The application accepts serialized objects; however, it does not validate or check untrusted input before deserializing it.
Impact: An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary Java code on the system.
The finding was traced to the CacheManager process running on the system.
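The scanner's finding describes the general defect class: bytes from a network peer are handed to ObjectInputStream with no check on which classes they name, so any serializable class on the classpath can have its deserialization logic run. As an added illustration (this is not Oracle's fix for OAG, which this document does not show), the Java program below uses the JDK's ObjectInputFilter (JEP 290, present in JDK 9 and in 8u121 and later) to allow-list the single class an endpoint expects and reject every other class before it is instantiated; CacheEntry is a hypothetical application type constructed for the example, and HashMap stands in for any unexpected class in the stream.

```java
import java.io.*;
import java.util.HashMap;

public class DeserializationFilterDemo {
    // Hypothetical payload type: the only class this endpoint legitimately expects.
    static final class CacheEntry implements Serializable {
        private static final long serialVersionUID = 1L;
        final String key;
        final String value;
        CacheEntry(String key, String value) { this.key = key; this.value = value; }
    }

    // Allow-list filter: accept CacheEntry and the String it contains, cap nesting depth,
    // reject every other class. A null serialClass means a non-class callback (e.g. a back
    // reference), where UNDECIDED lets the stream continue without allow-listing anything.
    static final ObjectInputFilter FILTER = info -> {
        if (info.depth() > 3) return ObjectInputFilter.Status.REJECTED;
        Class<?> c = info.serialClass();
        if (c == null) return ObjectInputFilter.Status.UNDECIDED;
        if (c == CacheEntry.class || c == String.class) return ObjectInputFilter.Status.ALLOWED;
        return ObjectInputFilter.Status.REJECTED;
    };

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        return bos.toByteArray();
    }

    // The filter must be installed before readObject(); it is consulted as each class
    // descriptor is read, so a rejected class is never resolved or instantiated.
    static Object readChecked(byte[] untrusted) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(untrusted))) {
            ois.setObjectInputFilter(FILTER);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the expected type passes the filter.
        CacheEntry ok = (CacheEntry) readChecked(serialize(new CacheEntry("k", "v")));
        System.out.println("accepted: " + ok.key + "=" + ok.value);
        // Constructed sample: an unexpected class is rejected with InvalidClassException.
        try {
            readChecked(serialize(new HashMap<String, String>()));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Compile and run with any JDK 9+ (or 8u121+) to see the first stream accepted and the second rejected with "filter status: REJECTED"; the same filter can be installed process-wide via the jdk.serialFilter system property instead of per stream.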
How can this vulnerability be avoided?