CVE-2014-0111
Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0142 (1.4%)
Percentil: 80.7%
EPSS: 2026-05-06
Afecta
apache:syncopeDescripción técnica
Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."
Publicada: 17/4/2014, 14:55:06
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://mail-archives.us.apache.org/mod_mbox/www-announce/201404.mbox/%3C534CE273.9020601%40apache.org%3E
- http://syncope.apache.org/security.html
- http://www.securityfocus.com/archive/1/531841/100/0/threaded
- http://mail-archives.us.apache.org/mod_mbox/www-announce/201404.mbox/%3C534CE273.9020601%40apache.org%3E
- http://syncope.apache.org/security.html
- http://www.securityfocus.com/archive/1/531841/100/0/threaded