The vulnerability affects ForgeRock’s OpenAM access management tool. It could be leveraged to execute arbitrary code on an affected system remotely. The issue is a pre-authentication remote code execution (RCE) vulnerability in ForgeRock Access Manager. It stems from an unsafe Java deserialization in the Jato framework used by the software. ForgeRock customers are advised to move quickly to deploy the patches to mitigate the risk associated with the flaw. It has been addressed in version AM 7 released on June 29, 2021.