High
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector.
IBM
Refer to IBM Security Bulletin 6250059 for patch, upgrade or suggested workaround information.