Remote Code Execution via Java Deserialization in Hazelcast Cluster Join Procedure

CVE-2016-10750 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

In Hazelcast before 3.11, the cluster join procedure is vulnerable to remote code execution via Java deserialization. If an attacker can reach a listening Hazelcast instance with a crafted JoinRequest, and vulnerable classes exist in the classpath, the attacker can run arbitrary code.

Learn more about our Web Application Penetration Testing UK.