SYM_JAVA_0136 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Deserialization of Untrusted Data
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-502: Deserialization of Untrusted Data |
| OWASP | A08:2017 - Insecure Deserialization |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
Java RMI marshals remote method arguments with Java serialization. Every parameter in a remote interface whose declared type is not a primitive is unmarshalled on the server with ObjectInputStream.readObject(); the class that gets instantiated is chosen by the incoming stream, not by the declared parameter type, and String-typed parameters are no exception. A client that can reach the exported object can therefore send an arbitrary serializable object graph, and if a gadget chain is available on the server's classpath it executes during deserialization, before the argument is cast and before the method body runs. Keep remote parameters to primitives where possible and, from JDK 9 onward, install an allow-list deserialization filter (ObjectInputFilter) so that only the expected classes are accepted.
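The mechanism above, shown as an added example that is not code from this page or from the Symbiotic database: a remote interface with a serializable parameter next to one restricted to a String and an int, with a JEP 290 allow-list filter attached to the exported object. All class and binding names (ReportService, SafeReportService, Report, SafeReportServer, "reports") are hypothetical. The three-argument exportObject overload exists from JDK 17; on JDK 9 to 16 the same pattern string goes into the process-wide ObjectInputFilter.Config.setSerialFilter or the jdk.serialFilter system property.

```java
import java.io.ObjectInputFilter;
import java.io.Serializable;
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;

// Hypothetical DTO: the kind of "well-typed" parameter that looks harmless.
final class Report implements Serializable {
    private static final long serialVersionUID = 1L;
    final String title;
    Report(String title) { this.title = title; }
}

// VULNERABLE: the server unmarshals the argument with in.readObject(). The
// stream, not the declared type Report, decides which class is instantiated,
// so a gadget chain on the server's classpath runs inside readObject(),
// before the cast to Report and before submit() is entered.
interface ReportService extends Remote {
    void submit(Report report) throws RemoteException;
}

// Narrower interface: only a String and an int cross the wire. The int is read
// as a raw primitive, but the String is still unmarshalled with readObject(),
// so the filter installed in main() is the actual control, not the type.
interface SafeReportService extends Remote {
    void submit(String title, int pageCount) throws RemoteException;
}

public class SafeReportServer implements SafeReportService {

    @Override
    public void submit(String title, int pageCount) {
        System.out.println("report: " + title + " (" + pageCount + " pages)");
    }

    public static void main(String[] args) throws Exception {
        // JEP 290 allow-list for the parameters of incoming calls: classes from
        // the java.base module (which covers String) are accepted, every other
        // class is rejected, and the graph may not nest deeper than 5 levels.
        ObjectInputFilter paramFilter =
                ObjectInputFilter.Config.createFilter("maxdepth=5;java.base/*;!*");

        SafeReportServer impl = new SafeReportServer();
        // JDK 17+: the filter applies to this object's incoming calls only.
        SafeReportService stub = (SafeReportService)
                UnicastRemoteObject.exportObject(impl, 0, paramFilter);

        Registry registry = LocateRegistry.createRegistry(1099);
        registry.rebind("reports", stub);

        // Same-JVM client round trip to show that a legitimate call still works.
        SafeReportService client = (SafeReportService)
                LocateRegistry.getRegistry("localhost", 1099).lookup("reports");
        client.submit("Q3 summary", 12);

        // A crafted stream that places any class outside java.base in the
        // 'title' slot is rejected during unmarshalling, so submit() never runs
        // for it and the caller receives a remote exception instead.
        UnicastRemoteObject.unexportObject(impl, true);
        UnicastRemoteObject.unexportObject(registry, true);
    }
}
```

Run it with `javac SafeReportServer.java && java SafeReportServer`; it binds on port 1099, so the port must be free. The pattern ends in `!*` on purpose: an allow-list that names the few classes a method legitimately needs is the only filter shape that holds up against gadget classes you have not heard of yet, whereas a deny-list has to be updated for every new chain.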
Impact
If exploited, an attacker can execute arbitrary code on the server with the privileges of the JVM process. Because the payload runs while the arguments are being unmarshalled, any authentication or validation inside the remote method itself never gets a chance to execute. From there the attacker can gain unauthorized access, read or exfiltrate sensitive data, or take control of the host, which can lead to severe data breaches or total compromise of the application environment.