CVE-2014-0111

Currently unrated

Key Information:

Vendor: Apache
Status: Syncope
Vendor: CVE Published:; 17 April 2014

Summary

Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."

References

http://mail-archives.us.apache.org/mod_mbox/www-announce/...

mailing-listx_refsource_MLIST

http://syncope.apache.org/security.html

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/531841/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Apr 17, 2014
Vulnerability Reserved
Dec 3, 2013