Insecure Deserialization via MITM in Layer 7 Policy Manager

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:L/SA:L

Description

An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution.

Basic Information

ID CVE-2026-11815

Source symantec

Published Jun 10, 2026 at 06:39

Affected Product

Vendor Broadcom

Product Layer 7 API Gateway

Version 11.2.1

Affected Versions Broadcom Layer 7 API Gateway 11.2.1

CWE Classification

CWE-502

References

support.broadcom.com /web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37631

{
    "lastseen": "",
    "description": "An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution.",
    "published": "2026-06-10T06:39:26.498Z",
    "modified": "2026-06-10T06:39:26.498Z",
    "type": "cve",
    "title": "Insecure Deserialization via MITM in Layer 7 Policy Manager",
    "source": "symantec",
    "references": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37631",
    "id": "CVE-2026-11815",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502"
    ],
    "cvelist": null,
    "sourceData": "Broadcom Layer 7 API Gateway 11.2.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:L/SA:L",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Layer 7 API Gateway",
    "version": "11.2.1",
    "vendor": "Broadcom",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Insecure Deserialization via MITM in Layer 7 Policy Manager_CVE-2026-11815