Description
ForgeRock AM / OpenAM uses the Jato framework internally. The framework is vulnerable to Java deserialization attacks. An attacker could exploit this vulnerability by using specially crafted serialized data to execute arbitrary code on the system.
Remediation
Upgrade to the latest version of ForgeRock AM.