CVE-2014-0111
Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.0142 (1.4%)
Percentile: 80.7%
EPSS: 2026-05-06
Affects
apache:syncopeTechnical description
Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."
Published: 4/17/2014, 2:55:06 PM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://mail-archives.us.apache.org/mod_mbox/www-announce/201404.mbox/%3C534CE273.9020601%40apache.org%3E
- http://syncope.apache.org/security.html
- http://www.securityfocus.com/archive/1/531841/100/0/threaded
- http://mail-archives.us.apache.org/mod_mbox/www-announce/201404.mbox/%3C534CE273.9020601%40apache.org%3E
- http://syncope.apache.org/security.html
- http://www.securityfocus.com/archive/1/531841/100/0/threaded