Apache Software Foundation 1.0.7

CPE Details

Apache Software Foundation 1.0.7
apache
syncope
1.0.7
2014-07-11
14h52 +00:00
2014-07-17
15h21 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:apache:syncope:1.0.7:*:*:*:*:*:*:*

Informations

Vendor

apache

Product

syncope

Version

1.0.7

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2018-1321 2018-03-20 17h00 +00:00 An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution.
7.2
High
CVE-2018-1322 2018-03-20 17h00 +00:00 An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters.
4.9
Medium
CVE-2014-0111 2014-04-17 12h00 +00:00 Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."
6.5