IBM WebSphere WASPostParam cookie Untrusted Java Deserialization (CVE-2016-5983)

A remote code execution vulnerability has been reported in IBM WebSphere. The vulnerability is due to deserialization of untrusted data when the WASPostParam cookie is present in the request. A remote, authenticated attacker can exploit this vulnerability by sending a request containing a malicious WASPostParam value to the target server.
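For log or proxy review, the following added example (not IBM's code and not part of the original advisory) checks a Cookie header for a WASPostParam value that carries a Java serialization stream and lists the class names the stream declares. It assumes the value may arrive raw, URL-encoded or base64-encoded, which the advisory does not state; the function names and the sample header are constructed for illustration.

```python
import base64, binascii, re, struct
from urllib.parse import unquote

JAVA_MAGIC = b"\xac\xed\x00\x05"   # Java STREAM_MAGIC + STREAM_VERSION
TC_CLASSDESC = b"\x72"             # marker that precedes a class descriptor
CLASS_NAME = re.compile(rb"\[*[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*;?")

def cookie_value(header, name="WASPostParam"):
    """Return the named cookie's value from a Cookie header, or None."""
    for part in header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return value
    return None

def decode_candidates(value):
    """Yield raw, URL-decoded and base64-decoded forms (encoding is an assumption)."""
    text = unquote(value)
    yield value.encode("latin-1", "replace")
    yield text.encode("latin-1", "replace")
    try:
        yield base64.b64decode(text + "=" * (-len(text) % 4), validate=True)
    except (binascii.Error, ValueError):
        pass

def class_names(stream):
    """Heuristic: collect names that follow TC_CLASSDESC as length-prefixed UTF."""
    names, i = [], stream.find(TC_CLASSDESC)
    while i != -1 and i + 3 <= len(stream):
        (n,) = struct.unpack(">H", stream[i + 1:i + 3])
        name = stream[i + 3:i + 3 + n]
        if 0 < n == len(name) and CLASS_NAME.fullmatch(name):
            names.append(name.decode("ascii"))
        i = stream.find(TC_CLASSDESC, i + 1)
    return names

def inspect_cookie_header(header):
    """Class names if WASPostParam holds a serialization stream, else None."""
    value = cookie_value(header)
    for blob in decode_candidates(value) if value is not None else ():
        if blob.startswith(JAVA_MAGIC):
            return class_names(blob)
    return None

# Constructed sample: minimal stream declaring the made-up class com.example.Widget.
_STREAM = (JAVA_MAGIC + b"\x73\x72" + struct.pack(">H", 18) + b"com.example.Widget"
           + bytes(8) + b"\x02\x00\x00\x78\x70")
SAMPLE_HEADER = "JSESSIONID=0000abc; WASPostParam=" + base64.b64encode(_STREAM).decode()

if __name__ == "__main__":
    print(inspect_cookie_header(SAMPLE_HEADER))
```

The returned class names can be compared against the types the application is expected to receive in this cookie; a request whose stream declares anything else merits review.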
