ForgeRock has just released a security advisory #201601 last night and it is quite a long list - a total of 15 vulnerabilites found in OpenAM 12.0.2, 12.0.1, 11.0.3 and 10.0.2.
I have customers using 12.0.2, 11.0.3 and 10.0.2. Not really good news to me. :(
Details can be found here. Start patching!