OpenIAM prior to 4.2.0.3 allows remote malicious users to execute arbitrary code via Groovy Script.
openiam openiam