Description
ForgeRock AM / OpenAM uses the Jato framework internally. The framework is vulnerable to Java deserialization attacks: an attacker could exploit this vulnerability by sending specially crafted serialized data to execute arbitrary code on the system.
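Added detection example (not from this advisory or from ForgeRock): a check a WAF, reverse proxy or log-review script could run over request parameters to flag values that carry a Java serialization stream, the input this vulnerability class depends on. The parameter names and values below are constructed; the page does not name the affected parameter, so the check is keyed on the stream header rather than on any endpoint.

```python
import re
from urllib.parse import unquote_to_bytes

# Every Java Object Serialization Stream begins with STREAM_MAGIC (0xACED)
# followed by STREAM_VERSION (0x0005), so this header is a reliable marker.
JAVA_STREAM_MAGIC = b"\xac\xed\x00\x05"
# Those same four bytes, base64-encoded, always start with "rO0AB" (the
# standard and URL-safe alphabets agree on these characters).
JAVA_STREAM_MAGIC_B64 = rb"(?:^|[^A-Za-z0-9+/_-])rO0AB"

def carries_java_stream(value: bytes) -> bool:
    """True if the value contains a serialized Java object, whether raw,
    percent-encoded or base64-encoded (how a web framework transports it)."""
    candidates = [value, unquote_to_bytes(value)]
    # Some stacks percent-encode twice; decode one more level to be safe.
    candidates.append(unquote_to_bytes(candidates[1]))
    for cand in candidates:
        if JAVA_STREAM_MAGIC in cand:
            return True
        # Base64 form: the marker sits at the start of a base64 token.
        if re.search(JAVA_STREAM_MAGIC_B64, cand):
            return True
    return False

def find_serialized_params(request_params):
    """Return the names of request parameters whose values carry a Java
    serialization stream. `request_params` is a list of (name, value) pairs
    as a proxy would extract them from the query string or request body."""
    return [name for name, value in request_params
            if carries_java_stream(value.encode("latin-1")
                                   if isinstance(value, str) else value)]

# Constructed sample parameters (hypothetical, not from real traffic). The
# "state" value is only the base64 of the stream header plus the TC_OBJECT /
# TC_CLASSDESC bytes, not a working payload; its "rO0AB" start is what the
# check keys on. The "token" value is the same header percent-encoded.
SAMPLE_PARAMS = [
    ("username", "alice"),
    ("locale", "en_US"),
    ("state", "rO0ABXNyAA=="),
    ("token", "%AC%ED%00%05%73%72"),
]

if __name__ == "__main__":
    print(find_serialized_params(SAMPLE_PARAMS))  # ['state', 'token']
```

A hit should be blocked or alerted on before the request reaches the application; benign traffic to a web application essentially never carries this header in a user-supplied parameter.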
Remediation
Upgrade to the latest version of ForgeRock AM