Deserialization-related vulnerabilities found in several Java implementations of AMF3 can be exploited for unauthenticated remote code execution and XXE attacks, warned CERT/CC.
Article Link: http://feedproxy.google.com/~r/Securityweek/~3/EMzjOCLGDD4/flaws-java-amf-libraries-allow-remote-code-execution