## https://sploitus.com/exploit?id=SAINT:CCB1F29FD3AB4947384A32E9DF441FCF
Added: 07/18/2022
### Background
[Red Hat JBoss Enterprise Application Platform](<https://developers.redhat.com/products/eap/overview>) is an open source platform for highly transactional, web-scale Java applications.
### Problem
A remote, unauthenticated attacker can execute arbitrary commands on the server by sending a specially crafted serialized object to the Remoting Unified Invoker interface.
### Resolution
Restrict access to the Remoting Unified Invoker interface.
### References
<https://jspin.re/jboss-eap-as-6-rce-a-little-bit-beyond-xac-xed/>