Attackers are actively exploiting a critical, pre-authorization remote code execution (RCE) vulnerability in the Access Management platform from digital identity management firm ForgeRock. The vulnerability affects Access Management versions below 7.0 running on Java 8: 6.0.x, 6.5.1, 65.2.x and 6.3.3, as well as older, unsupported versions, are all sitting ducks. ForgeRock released a workaround and an advisory to its customers to protect them from the vulnerability, and the company has updated its advisory with a permanent fix.
Source: https://threatpost.com/critical-vulnerability-rce-forgerock-openam/167679/

