High severity8.1NVD Advisory· Published Feb 3, 2017· Updated Jun 17, 2026
CVE-2016-6500
CVE-2016-6500
Description
Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the SearchControls constructor with returnObjFlag set to true, which allows remote attackers to execute arbitrary code via a crafted serialized Java object, aka LDAP entry poisoning.
Affected products
3Patches
Vulnerability mechanics
References
1- backstage.forgerock.com/knowledge/kb/article/a96963547nvdVendor Advisory
News mentions
0No linked articles in our index yet.