Vulnerabilities > Forgerock > Openam > 9.5.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-22 | CVE-2021-35464 | Deserialization of Untrusted Data vulnerability in Forgerock Access Management and Openam ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. | 9.8 |
| 2021-03-25 | CVE-2021-29156 | Injection vulnerability in Forgerock Openam ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. | 7.5 |