A security researcher who uses the online moniker tint0 discovered in April that WebSphere Application Server, IBM’s Java EE-based runtime environment, is affected by three potentially serious deserialization issues. Two of the flaws have been rated critical and they can be exploited for remote code execution, while the third has been classified as high severity and it can lead to information disclosure.
Tint0 reported the issues to IBM through Trend Micro’s Zero Day Initiative (ZDI), which last week published advisories for each of the vulnerabilities. The bugs were reported to IBM in mid-April.
