WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2014-0111 Vulnerability in maven package org.apache.syncope:syncope-core

Description

Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."

Remediation

References

http://mail-archives.us.apache.org/mod_mbox/www-announce/201404.mbox/%3C534CE273.9020601%40apache.org%3E

http://syncope.apache.org/security.html

http://www.securityfocus.com/archive/1/531841/100/0/threaded

Related Vulnerabilities

CVE-2021-30246 Vulnerability in maven package org.webjars.bower:jsrsasign

CVE-2019-10241 Vulnerability in maven package org.eclipse.jetty.aggregate:jetty-all-server

CVE-2019-20174 Vulnerability in maven package org.webjars.bower:auth0-lock

CVE-2012-4529 Vulnerability in maven package org.jboss.as:jboss-as-web

CVE-2022-23615 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

Severity

Critical

Classification

CWE-94

Tags

Vendor Advisory Third Party Advisory VDB Entry