Remote Code Execution Vulnerability in Apache Syncope by Apache
CVE-2014-0111
Currently unrated
Summary
Apache Syncope versions prior to 1.0.9 and 1.1.7 contain a vulnerability that permits remote administrators to execute arbitrary Java code. Exploitation can occur through several vectors: improper handling of Apache Commons JEXL expressions, derived schema definitions, user and role templates, and account links of resource mappings. As a result, the vulnerability poses a significant risk of unauthorized access to and manipulation of system resources.
Timeline
Vulnerability published
Vulnerability reserved