Onapsis Security Advisory - If a specially crafted packet is sent to the JDENet Service (6015 TCP by default), and the Security Kernel is enabled and SignonSecurity is configured, then it is possible to retrieve the password of arbitrary users.
ca8b740898e9808b2377e7e6e742f24a9adcdee6596d83dbff27ba20b10ae606