CWE-502 - Deserialization of Untrusted Data

Description

Before saving data for future use software usually checks the information and determines if it's valid or not. If data don't use cryptography it can be easily altered and done untrusted. Under the influence of the weakness application isn't able to serialize trusted and safe object properly. In case of information insecurity it can't be well-formed.
During the process of deserialization untrusted data manages to deceive the system and make it to perceive invalid information as valid. The weakness also allows attackers to obtain and modify information to which they had no access before.
The weakness is introduced during Architecture and Design, Implementation stages.

The weakness is introduced during Architecture and Design, Implementattion stages.

Latest vulnerabilities for CWE-502

Multiple vulnerabilities in IBM Security Verify Governance 2024-04-24
High Yes

Multiple vulnerabilities in IBM Integration Designer 2024-04-23
High Yes

Deserialization of untrusted data in IBM Cognos Analytics Cartridge for IBM Cloud Pak for Data 2024-04-22
High Yes

Multiple vulnerabilities in IBM Security Verify Governance 2024-04-18
High Yes

SolarWinds Web Help Desk update for Apache ActiveMQ 2024-04-17
Critical Yes

Multiple vulnerabilities in Oracle Solaris Cluster 2024-04-17
High Yes

Deserialization of Untrusted Data in Oracle Hospitality Cruise Shipboard Property Management System 2024-04-17
Medium Yes

Multiple vulnerabilities in Oracle FLEXCUBE Private Banking 2024-04-17
Critical Yes

Multiple vulnerabilities in Oracle SOA Suite 2024-04-17
High Yes

Multiple vulnerabilities in Oracle Identity Manager Connector 2024-04-17
Medium Yes

References

Description of CWE-502 on Mitre website