Security Advisory
ForgeRock Identity Platform
Does not apply to Identity Cloud

OpenAM Security Advisory #201404

Last updated Feb 24, 2021

A security vulnerability has been discovered in the OpenAM Core Server.


November 5, 2014

This advisory provides guidance on how to ensure your deployments can be secured.

The severity of the issue in this advisory is Critical. Deployers should take immediate steps as outlined in this advisory and apply the patch at the earliest opportunity.

Patch bundles are available through BackStage for the following versions:

  • 9.5.5
  • 10.0.0
  • 10.0.2
  • 11.0.0
  • 11.0.2

Issue #201404-01: Denial of Service vulnerability - CVE-2014-7246

Product: OpenAM
Affected versions: 9.5.3-9.5.5, 10.0.0-10.0.2, 10.1.0-Xpress, 11.0.0-11.0.2
Fixed versions: N/A
Component: Core Server, Server Only
Severity: Critical
Issue Tracker ID: OPENAM-4794

Description:

In environments where more than one OpenAM server has been configured, it is possible that an authenticated attacker can construct and send a single request that triggers an infinite loop, occupying one or more instances in the deployment until the affected instances are restarted.

Workaround:

No workaround available.

Resolution:

Deploy the relevant patch bundle.

Change Log

The following table tracks changes to the security advisory:

Date: February 24, 2021
Description: Added ForgeRock Identity Platform taxon to improve categorization


Copyright and Trademarks: Copyright © 2021 ForgeRock, all rights reserved.