PatchSiren

ForgeRock CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Known exploited ForgeRock CVE published 2021-11-03

CVE-2021-35464

CVE-2021-35464 is a remote code execution vulnerability affecting ForgeRock Access Management (AM) Core Server. It was added to CISA’s Known Exploited Vulnerabilities catalog on 2021-11-03; the source metadata records CISA marking it for prompt remediation and noting known use in ransomware campaigns.

HIGH ForgeRock CVE published 2017-02-03

CVE-2016-6500

CVE-2016-6500 describes a high-severity remote code execution issue in ForgeRock OpenIDM and OpenICF’s RACF Connector. The flaw stems from unsafe handling of LDAP data combined with a constructor call that lets an attacker trigger code execution by supplying a crafted serialized Java object, a pattern sometimes described as LDAP entry poisoning.