In ForgeRock Access Management (AM) prior to 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion.
forgerock access management