The IBM SDK, Java Technology Edition's Object Request Broker (ORB) is vulnerable to a denial of service attack in some circumstances due to improper enforcement of the JEP 290 MaxRef and MaxDepth deserialization filters. IBM Security Update May 2024: https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities#IBM_Security_Update_May_2024 https://www.ibm.com/support/pages/apar/IX90196 https://www.ibm.com/support/pages/node/7150727
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:3685 https://access.redhat.com/errata/RHSA-2024:3685
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2024:4160 https://access.redhat.com/errata/RHSA-2024:4160