Apache Commons Collections vulnerability and ForgeRock products

Last updated Feb 2, 2022

The purpose of this article is to provide information on whether ForgeRock products (OpenAM, OpenDJ, OpenIDM and OpenIG) are vulnerable to the Apache™ Commons Collections issue and how to mitigate this vulnerability where applicable. The Commons Collections issue refers to Java® Object Serialization: an application that deserializes untrusted data while commons-collections-3.2.1.jar is on its classpath is exposed to remote code execution. The gadget is the org/apache/commons/collections/functors/InvokerTransformer.class within this jar file, which can be chained so that arbitrary methods are invoked during deserialization. The jar by itself is not the vulnerability; the combination of the class being loadable and untrusted serialized input reaching ObjectInputStream is.
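The first thing a practitioner wants, before reading which products are affected, is a way to check a deployment for the gadget class itself, including copies bundled inside deployed .war files, and a way to remove that single class entry from a jar. The following script is an added example written for this article, not ForgeRock tooling or a ForgeRock-endorsed procedure; it assumes a plain directory tree of .jar/.war/.ear/.zip archives, and the sample archives it builds (file names such as `openam.war` and `commons-collections-3.2.1.jar`, with placeholder class bytes) are constructed for the demonstration.

```python
"""Locate the Commons Collections InvokerTransformer gadget class in Java
archives and, optionally, strip it from a jar.

Added example, not part of the original article or ForgeRock's products.
Assumes archives are ordinary zip files; nested archives inside a .war
(for example WEB-INF/lib/*.jar) are inspected in memory.
"""
import io
import os
import shutil
import tempfile
import zipfile

# Entry name of the gadget class named in the article.
GADGET_CLASS = "org/apache/commons/collections/functors/InvokerTransformer.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def archive_has_gadget(zf):
    """True if an open ZipFile contains the InvokerTransformer entry."""
    return GADGET_CLASS in zf.namelist()


def scan_archive(path):
    """Return [(location, has_gadget)] for the archive and any nested archives.
    Nested locations use 'outer.war!inner/path.jar' notation."""
    findings = []
    with zipfile.ZipFile(path) as zf:
        findings.append((path, archive_has_gadget(zf)))
        for name in zf.namelist():
            if not name.lower().endswith(ARCHIVE_SUFFIXES):
                continue
            with zf.open(name) as inner:
                data = inner.read()
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as nested:
                    findings.append((f"{path}!{name}", archive_has_gadget(nested)))
            except zipfile.BadZipFile:
                pass  # not a real archive despite its suffix
    return findings


def find_vulnerable_archives(root):
    """Walk root and return sorted locations that contain the gadget class."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if not fn.lower().endswith(ARCHIVE_SUFFIXES):
                continue
            full = os.path.join(dirpath, fn)
            try:
                hits.extend(loc for loc, has in scan_archive(full) if has)
            except zipfile.BadZipFile:
                continue
    return sorted(hits)


def strip_gadget_class(jar_path, backup=True):
    """Rewrite jar_path without the InvokerTransformer entry (general
    class-removal technique, labelled here as an assumption rather than a
    vendor instruction). Returns True if an entry was removed."""
    tmp = jar_path + ".tmp"
    with zipfile.ZipFile(jar_path) as src:
        if GADGET_CLASS not in src.namelist():
            return False
        with zipfile.ZipFile(tmp, "w") as dst:
            for info in src.infolist():
                if info.filename == GADGET_CLASS:
                    continue
                dst.writestr(info, src.read(info.filename))  # keeps compression
    if backup:
        shutil.copy2(jar_path, jar_path + ".bak")
    os.replace(tmp, jar_path)
    return True


def build_sample_jar(path, include_gadget):
    """Constructed stand-in jar: real bytecode is not needed to exercise the
    scan, only the entry names."""
    with zipfile.ZipFile(path, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("org/apache/commons/collections/functors/ChainedTransformer.class",
                    b"\xca\xfe\xba\xbe")
        if include_gadget:
            zf.writestr(GADGET_CLASS, b"\xca\xfe\xba\xbe")


def demo():
    """Build a constructed sample tree, scan, strip the loose jar, rescan.
    Paths in the result are relative to the temporary root."""
    root = tempfile.mkdtemp(prefix="cc-scan-")
    lib = os.path.join(root, "lib")
    os.makedirs(lib)
    vuln_jar = os.path.join(lib, "commons-collections-3.2.1.jar")
    build_sample_jar(vuln_jar, include_gadget=True)
    build_sample_jar(os.path.join(lib, "json-1.0.jar"), include_gadget=False)
    # A deployed .war carries its own copy of the jar under WEB-INF/lib.
    war = os.path.join(root, "openam.war")
    with zipfile.ZipFile(war, "w") as zf:
        zf.write(vuln_jar, "WEB-INF/lib/commons-collections-3.2.1.jar")
    rel = lambda p: p[len(root) + 1:]
    before = [rel(p) for p in find_vulnerable_archives(root)]
    removed = strip_gadget_class(vuln_jar)
    after = [rel(p) for p in find_vulnerable_archives(root)]
    shutil.rmtree(root)
    return {"before": before, "removed": removed, "after": after}


if __name__ == "__main__":
    print(demo())
```

The demo deliberately shows the failure mode that bites in practice: stripping the class from the loose jar under lib/ leaves the copy inside the deployed openam.war untouched, so the second scan still reports the nested entry. Any removal has to be repeated for every archive the scan lists, and the application restarted, before the classpath is actually free of the gadget.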

