SYM_JAVA_0054 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Deserialization of Untrusted Data
Property | Value |
---|---|
Language | java |
Severity | |
CWE | CWE-502: Deserialization of Untrusted Data |
OWASP | A08:2017 - Insecure Deserialization |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | Low |
Description
The code calls getObject() on JMS ObjectMessages received from a queue or topic without restricting which classes the underlying ObjectInputStream may instantiate. Java deserialization reconstructs whatever Serializable class the sender placed in the stream, and that class's readObject logic runs before the consumer can inspect the result, so any party able to publish to the destination controls the types instantiated inside the consumer. Checking the returned object's type afterwards (for example with instanceof) does not help, because the damage happens during getObject() itself.
Impact
An attacker who can publish to the destination, or inject a message on the path to it, can send an ObjectMessage whose serialized payload is a gadget chain assembled from classes already on the consumer's classpath. When the consumer deserializes it, the chain executes with the application's privileges, which can lead to arbitrary code execution, unauthorized access, data breaches, or complete compromise of the host, putting both application and organizational assets at risk. The likelihood is rated Low because exploitation requires publish access to the destination and a usable gadget chain on the consumer's classpath; the impact once those conditions hold is full code execution.
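The vulnerable consumer described above beside a hardened form, as an added example that is not code from the Symbiotic database or from any project it catalogs. It assumes the javax.jms API is on the classpath and JDK 9 or later for java.io.ObjectInputFilter (JEP 290); OrderEvent is a hypothetical payload type used only for illustration. The hardened listener fails closed unless a JVM-wide allow-list filter has been installed, which also covers the ObjectInputStream the JMS provider builds internally inside getObject().

```java
import java.io.ObjectInputFilter;
import java.io.Serializable;
import javax.jms.JMSException;
import javax.jms.Message;
import javax.jms.MessageListener;
import javax.jms.ObjectMessage;

public class JmsDeserializationExample {

    /** Hypothetical payload: the only class the consumer should ever rebuild. */
    public static final class OrderEvent implements Serializable {
        private static final long serialVersionUID = 1L;
        public final String orderId;
        public final long amountCents;
        public OrderEvent(String orderId, long amountCents) {
            this.orderId = orderId;
            this.amountCents = amountCents;
        }
    }

    /** Vulnerable form (CWE-502): getObject() rebuilds whatever class the sender put in the stream. */
    public static final class UnsafeListener implements MessageListener {
        @Override
        public void onMessage(Message msg) {
            try {
                if (msg instanceof ObjectMessage) {
                    // Deserialization happens inside getObject(); a gadget chain on the
                    // classpath has already run by the time the instanceof below executes.
                    Object payload = ((ObjectMessage) msg).getObject();
                    if (payload instanceof OrderEvent) {
                        process((OrderEvent) payload);
                    }
                }
            } catch (JMSException e) {
                throw new IllegalStateException("bad message", e);
            }
        }
    }

    /** Hardened form: refuse ObjectMessage unless the JVM-wide allow-list filter is active. */
    public static final class SafeListener implements MessageListener {
        @Override
        public void onMessage(Message msg) {
            try {
                if (!(msg instanceof ObjectMessage)) {
                    return; // TextMessage/BytesMessage go through an explicit parser instead
                }
                if (ObjectInputFilter.Config.getSerialFilter() == null) {
                    // Fail closed: without the filter, getObject() is the vulnerable call above.
                    throw new IllegalStateException("serial filter not installed; dropping ObjectMessage");
                }
                // The filter rejects every class except OrderEvent and java.lang.* before any
                // of its code runs; a rejected stream surfaces here as a JMSException.
                Object payload = ((ObjectMessage) msg).getObject();
                if (payload instanceof OrderEvent) {
                    process((OrderEvent) payload);
                }
            } catch (JMSException e) {
                // Rejected or malformed stream: log and discard rather than retry forever.
                System.err.println("rejected ObjectMessage: " + e.getMessage());
            }
        }
    }

    /** Allow-list for this process: bound nesting and array sizes, permit one payload class, reject the rest. */
    public static ObjectInputFilter buildFilter() {
        return ObjectInputFilter.Config.createFilter(
                "maxdepth=8;maxarray=1024;"
                + OrderEvent.class.getName() + ";"
                + "java.lang.*;"   // String and boxed fields inside the payload
                + "!*");           // any other class, gadget classes included, is rejected
    }

    /** Call once at startup, before the JMS connection is opened; a second call throws IllegalStateException. */
    public static void installSerialFilter() {
        ObjectInputFilter.Config.setSerialFilter(buildFilter());
    }

    /** Evaluate the filter for a class the way ObjectInputStream would, usable without a broker. */
    public static ObjectInputFilter.Status check(ObjectInputFilter filter, Class<?> clazz) {
        return filter.checkInput(new ObjectInputFilter.FilterInfo() {
            public Class<?> serialClass() { return clazz; }
            public long arrayLength() { return -1; }
            public long depth() { return 1; }
            public long references() { return 0; }
            public long streamBytes() { return 0; }
        });
    }

    private static void process(OrderEvent e) {
        System.out.println("order " + e.orderId + " amount " + e.amountCents);
    }

    public static void main(String[] args) {
        ObjectInputFilter f = buildFilter();
        // The payload class matches its allow-list entry; java.net.URL matches only the final "!*" rule.
        System.out.println(check(f, OrderEvent.class));
        System.out.println(check(f, java.net.URL.class));
        installSerialFilter();
    }
}
```

A process-wide filter is the provider-independent fix; the equivalent `jdk.serialFilter` system property achieves the same without code changes. Some providers also offer their own allow-list (ActiveMQ's `ActiveMQConnectionFactory.setTrustedPackages`, for instance), and the most robust option where the producers are under your control is to stop using ObjectMessage altogether and carry a schema-validated text or bytes payload instead.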