OpenAM Authenticated RCE via Groovy Sandbox Escape
Description

A Protection Mechanism Failure (CWE-693) in OpenAM's server-side scripting sandbox allows an authenticated script author to execute operating-system commands from the OpenAM JVM with the default class allow and deny lists in place. This impacts OpenAM Community Edition through version 16.0.6. This issue was patched in version 16.1.1.