org.apache.syncope:syncope
Maven3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.apache.syncope:syncopepage 1 of 1
- CVE-2014-0111NONECVSS 0.0EG 0.0✓ Fixed in 1.1.72014-04-17
vulnerable: 1.1.0 ... 1.1.6 (7 versions)
Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account…
- CVE-2014-3503NONECVSS 0.0EG 0.0✓ Fixed in 1.1.82014-07-11
vulnerable: 1.1.0 ... 1.1.7 (8 versions)
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.
- CVE-2020-11977HIGHCVSS 7.2EG 7.2✓ Fixed in 2.1.72020-09-15
vulnerable: 2.1.0 ... 2.1.6 (7 versions)
In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file …
Check whether org.apache.syncope:syncope is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.syncope:syncope CVEs against the assets you own.
Start Free Scan →