Apache Struts 2 vulnerabilities and ForgeRock products

Last updated Feb 2, 2022

The purpose of this article is to provide information on whether ForgeRock products (AM/OpenAM, DS/OpenDJ, IDM/OpenIDM and IG/OpenIG) are vulnerable to the Apache™ Struts 2 issues (CVE-2018-11776 or CVE-2017-5638). These vulnerabilities allow an attacker to remotely execute code in certain circumstances.

4 readers recommend this article

Archived

This article has been archived and is no longer maintained by ForgeRock.

ForgeRock products

ForgeRock products do not use the Apache Struts 2 framework and are therefore not vulnerable to these issues.

You can read more about these vulnerabilities here:

Apache Struts 2 Security Bulletin: S2-057
Apache Struts 2 Security Bulletin: S2-045