Deserialization of Untrusted Data
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-502: Deserialization of Untrusted Data |
| OWASP | A08:2017 - Insecure Deserialization |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code deserializes objects from JMS ObjectMessages without validating or restricting the incoming data. This allows untrusted data to be processed, exposing the application to insecure deserialization risks.
Impact
If an attacker sends a malicious JMS ObjectMessage, they could exploit this to execute arbitrary code within your application’s environment. This can lead to unauthorized access, data breaches, or complete system compromise, putting both application and organizational assets at risk.
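The following is an added example, not code from the rule page or from any particular project, showing the pattern the rule flags beside two defensive alternatives: a consumer that refuses ObjectMessage altogether and parses a constrained text payload, and a JVM-wide deserialization allowlist for the interim while ObjectMessage is still in use. The package name, the Order class and the "orderId=...;quantity=..." text format are constructed for this example; it assumes the JMS 1.1 API (javax.jms) on the classpath and Java 9 or later for java.io.ObjectInputFilter.

```java
package com.example.orders;

import java.io.ObjectInputFilter;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.jms.JMSException;
import javax.jms.Message;
import javax.jms.MessageListener;
import javax.jms.ObjectMessage;
import javax.jms.TextMessage;

// Added example, not code from the rule page. The package, the Order class and the
// "orderId=...;quantity=..." text format are constructed for this example.

/** Constructed DTO; Serializable only so the unsafe variant can receive it via ObjectMessage. */
final class Order implements Serializable {
    private static final long serialVersionUID = 1L;
    final long orderId;
    final int quantity;

    Order(long orderId, int quantity) {
        this.orderId = orderId;
        this.quantity = quantity;
    }
}

/** The pattern this rule flags: getObject() rebuilds whatever the producer serialized. */
final class UnsafeOrderListener implements MessageListener {
    final List<Order> accepted = new ArrayList<>();

    @Override
    public void onMessage(Message message) {
        try {
            if (message instanceof ObjectMessage) {
                // Java deserialization runs here on bytes chosen by whoever produced the message.
                // The instanceof check below comes too late: side effects happen inside getObject().
                Object payload = ((ObjectMessage) message).getObject();
                if (payload instanceof Order) {
                    accepted.add((Order) payload);
                }
            }
        } catch (JMSException e) {
            throw new IllegalStateException("message read failed", e);
        }
    }
}

/** Hardened consumer: refuses ObjectMessage outright and parses a constrained text payload. */
final class SafeOrderListener implements MessageListener {
    private static final int MAX_TEXT_LENGTH = 256;
    private static final Pattern ORDER_LINE =
            Pattern.compile("orderId=(\\d{1,18});quantity=(\\d{1,6})");
    final List<Order> accepted = new ArrayList<>();

    @Override
    public void onMessage(Message message) {
        try {
            if (!(message instanceof TextMessage)) {
                // Anything that is not a TextMessage (ObjectMessage included) is rejected
                // before any deserialization can take place.
                throw new IllegalArgumentException(
                        "unsupported message type " + message.getClass().getName());
            }
            accepted.add(parseOrder(((TextMessage) message).getText()));
        } catch (JMSException e) {
            throw new IllegalStateException("message read failed", e);
        }
    }

    /** Schema check: bounded length, exact shape, and a business-rule limit before use. */
    static Order parseOrder(String text) {
        if (text == null || text.length() > MAX_TEXT_LENGTH) {
            throw new IllegalArgumentException("payload missing or too long");
        }
        Matcher m = ORDER_LINE.matcher(text);
        if (!m.matches()) {
            throw new IllegalArgumentException("payload does not match order format");
        }
        int quantity = Integer.parseInt(m.group(2));
        if (quantity == 0) {
            throw new IllegalArgumentException("quantity must be positive");
        }
        return new Order(Long.parseLong(m.group(1)), quantity);
    }
}

/** Compensating control while ObjectMessage is still in use: a JVM-wide allowlist. */
final class SerialFilterInstaller {
    static void install() {
        // Only the expected DTO and java.base types may be rebuilt; "!*" rejects everything else.
        // maxdepth/maxarray bound the object graph. Same syntax as -Djdk.serialFilter=...
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                "com.example.orders.Order;java.base/*;maxdepth=5;maxarray=1000;!*");
        ObjectInputFilter.Config.setSerialFilter(filter); // may only be set once per JVM
    }
}
```

Retiring ObjectMessage in favour of a text or bytes payload with an explicit schema (as in SafeOrderListener) is the durable fix, because it removes Java deserialization from the consumer entirely. The global filter in SerialFilterInstaller is a compensating control: it is process-wide, it can be installed only once, and it only helps if the JMS provider's getObject() implementation goes through a JDK ObjectInputStream that honours the serial filter, so confirm that against the provider's documentation rather than assuming it.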