An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object (weblogic.corba.utils.MarshalledObject) to the interface to execute code on vulnerable hosts.
34887ed78f437dc71b9a27e469d90d560f20f0a52702a9df664219aa2a18b0f2