Vulnerabilities > CVE-2016-10750 - Deserialization of Untrusted Data vulnerability in Hazelcast
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Redhat
advisories |
|