Tint0

**Name of the Vulnerable Software and Affected Versions** IBM WebSphere Application Server versions 7.0 through 9.0 **Description** The issue allows a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. This is related to the deserialization of untrusted data. **Recommendations** For versions 7.0 through 9.0, as a temporary workaround, consider disabling the SOAP connector until a patch is available. Restrict access to the SOAP endpoint to minimize the risk of exploitation. Avoid using untrusted data in the deserialization process until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM WebSphere Application Server versions 7.0 through 9.0 **Description** The issue allows a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. This is related to the deserialization of untrusted data, which can lead to information disclosure. **Recommendations** For IBM WebSphere Application Server versions 7.0 through 9.0, consider restricting access to the IIOP protocol to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling the deserialization of untrusted data can help mitigate the issue.

**Name of the Vulnerable Software and Affected Versions** IBM WebSphere Application Server versions 8.5 through 8.5.5.17 IBM WebSphere Application Server versions 9.0 through 9.0.5.4 **Description** A remote attacker could execute arbitrary code on the system with a specially-crafted sequence of serialized objects. This issue is related to the IIOP deserialization of untrusted data, allowing for remote code execution. **Recommendations** For IBM WebSphere Application Server versions 8.5 through 8.5.5.17, update to version 8.5.5.18 or later. For IBM WebSphere Application Server versions 9.0 through 9.0.5.4, update to version 9.0.5.5 or later.