PT-2025-26875 · Ibm · Ibm Websphere Application Server

Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 8.5 and 9.0 Description: The issue allows a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. This poses a serious risk to enterprise Jav...

Information disclosure

Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer. e.g. using a surrogate on the sender end, an attacker can pass information about a different type for the receiving end. And by doing so allowing the serializer to create any...