WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2014-0111 Vulnerability in maven package org.apache.syncope:syncope-core

Description

Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."

Remediation

References

http://mail-archives.us.apache.org/mod_mbox/www-announce/201404.mbox/%3C534CE273.9020601%40apache.org%3E

http://syncope.apache.org/security.html

http://www.securityfocus.com/archive/1/531841/100/0/threaded

Related Vulnerabilities

CVE-2023-26480 Vulnerability in maven package org.xwiki.platform:xwiki-platform-livedata-macro

CVE-2022-31160 Vulnerability in maven package org.webjars:jquery-ui

CVE-2022-40955 Vulnerability in maven package org.apache.inlong:sort-connector-jdbc

CVE-2014-0248 Vulnerability in maven package org.jboss.seam:jboss-seam

CVE-2020-14000 Vulnerability in npm package scratch-vm

Severity

Critical

Classification

CWE-94

Tags

Vendor Advisory Third Party Advisory VDB Entry