cvedb.io
CVE-2016-6500
HIGH · CVSS 8.1
EPSS exploitation probability: 0%
Published 2017-02-03T19:59:00.223 · Last modified 2026-06-17T00:51:16.683

Summary

Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the SearchControls constructor with returnObjFlag set to true, which allows remote attackers to execute arbitrary code via a crafted serialized Java object, aka LDAP entry poisoning.

Affected products

forgerock — racf_connector

Does this affect you?

Add your gear to cvedb and we'll alert you only when forgerock ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.