A known issue in Gateway 11:
Protect Against Message Replay Assertion Vulnerability
Issue: A vulnerability was discovered in a third-party library that may affect the security of the Protect Against Message Replay assertion (DE556251).
Workaround: If you are using the Protect Against Message Replay assertion, please open a support case for additional details about this vulnerability and possible remediation.
API Gateway 11.0
For someone to exploit this vulnerability:
1) You would have to be using the Protect Against Message Replay assertion.
2) They would have to have public access to the Hazelcast port 8777, or have already gained access to the network, in order to query Hazelcast.
NOTE: This is not an issue with the standard exposed HTTP/HTTPS ports.
3) They could remove the message ID so that the message could be replayed. At this point, if they have already gained network access, there is likely a greater concern that needs to be addressed.
The workaround/solution is to create firewall rules on each gateway that allow only specific cluster members to reach Hazelcast, and only if cluster access is genuinely needed.
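As an added illustration of that workaround (not part of the original article or the product's own tooling), the script below generates host firewall rules that accept the Hazelcast port 8777 only from named cluster members and drop it from everyone else. It assumes a Linux gateway host with iptables; the member addresses 10.0.0.11 and 10.0.0.12 are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the KB article: restrict the Hazelcast cluster port
# to known cluster members. Assumes a Linux host with iptables; the member
# addresses used at the bottom are constructed placeholders.
HAZELCAST_PORT=8777

# Emit (without running) the iptables commands for the given member IPs.
# ACCEPT rules are appended first so they match before the catch-all DROP.
hazelcast_rules() {
    for member in "$@"; do
        echo "iptables -A INPUT -p tcp --dport $HAZELCAST_PORT -s $member -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport $HAZELCAST_PORT -j DROP"
}

# Reject obviously malformed IPv4 addresses before they reach the firewall.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Build the rule set for a list of members, refusing any malformed entry
# so a typo cannot silently produce a rule that matches nothing.
build_ruleset() {
    for member in "$@"; do
        valid_ipv4 "$member" || { echo "bad member address: $member" >&2; return 1; }
    done
    hazelcast_rules "$@"
}

# Usage: print the rules for two constructed cluster members; with APPLY=1
# (run as root on the gateway host) the generated commands are executed.
if [ "${APPLY:-0}" = "1" ]; then
    build_ruleset 10.0.0.11 10.0.0.12 | sh
else
    build_ruleset 10.0.0.11 10.0.0.12
fi
```

After applying, `iptables -S INPUT | grep 8777` should list one ACCEPT per cluster member followed by the DROP; repeat on every gateway in the cluster with its own peer list.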