OpenSSL 3.0 vulnerability and ForgeRock products

Last updated Nov 3, 2022

The purpose of this article is to provide information on whether ForgeRock products (Identity Cloud, AM, DS, IDM, IG, Autonomous Identity and the SDKs) are vulnerable to the OpenSSL 3.0 vulnerability (CVE-2022-3602 and CVE-2022-3786). This vulnerability allows a buffer overrun to be triggered in X.509 certificate verification, which could result in a crash (causing a denial of service) or potentially remote code execution in certain circumstances.

Copyright and Trademarks Copyright © undefined ForgeRock, all rights reserved.