Description
Virtualjdbc extension of SAP Hybris Commerce Cloud uses unsafe java deserialization and it's vulnerable to deserialization attacks. An attacker could exploit this vulnerability using specially-crafted serialized data to execute arbitrary code on the system or to perform a denial of service attack.
Remediation
Upgrade to the latest version of SAP Hybris.
References
Related Vulnerabilities
Internet Information Services Other Vulnerability (CVE-2001-0333)
Oracle Database Server CVE-2014-4299 Vulnerability (CVE-2014-4299)
Django Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-0305)
Jenkins Improper Certificate Validation Vulnerability (CVE-2017-1000396)