Federico Dotta

**Name of the Vulnerable Software and Affected Versions** Oracle WebLogic Server versions 10.3.6.0.0 through 12.2.1.2.0 **Description** A vulnerability exists in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). This vulnerability allows an unauthenticated attacker with network access via T3 or HTTP to compromise Oracle WebLogic Server, potentially leading to a takeover of the server. **Recommendations** Oracle WebLogic Server versions prior to 10.3.6.0.0 and versions after 12.2.1.2.0 are not affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM WebSphere Application Server (affected versions not specified) **Description** The issue allows serialized objects from untrusted sources to run, causing the consumption of resources, which may lead to a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Red Hat JBoss Enterprise Application Platform (EAP) versions 4 and 5 **Description** The issue allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object. This is related to the JMX servlet in the affected software. **Recommendations** For Red Hat JBoss Enterprise Application Platform (EAP) versions 4 and 5, consider restricting access to the JMX servlet as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** IBM WebSphere Application Server (WAS) versions 7.0 through 7.0.0.42 IBM WebSphere Application Server (WAS) versions 8.0 through 8.0.0.12 IBM WebSphere Application Server (WAS) versions 8.5 through 8.5.5.10 IBM WebSphere Application Server (WAS) versions 9.0 through 9.0.0.1 IBM WebSphere Application Server (WAS) Liberty versions prior to 16.0.0.4 **Description** The issue allows remote authenticated users to execute arbitrary Java code via a crafted serialized object. **Recommendations** For IBM WebSphere Application Server (WAS) versions 7.0 through 7.0.0.42, update to version 7.0.0.43 or later. For IBM WebSphere Application Server (WAS) versions 8.0 through 8.0.0.12, update to version 8.0.0.13 or later. For IBM WebSphere Application Server (WAS) versions 8.5 through 8.5.5.10, update to version 8.5.5.11 or later. For IBM WebSphere Application Server (WAS) versions 9.0 through 9.0.0.1, update to version 9.0.0.2 or later. For IBM WebSphere Application Server (WAS) Liberty versions prior to 16.0.0.4, update to version 16.0.0.4 or later.