Java Deserialization Vulnerability with Service Catalog