Apache Software Foundation 1.1.3

CPE Details

Apache Software Foundation 1.1.3
apache
syncope
1.1.3
2014-07-11
14h52 +00:00
2014-07-17
15h21 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:apache:syncope:1.1.3:*:*:*:*:*:*:*

Informations

Vendor

apache

Product

syncope

Version

1.1.3

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2018-1321 2018-03-20 17h00 +00:00 An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution.
7.2
Haute
CVE-2018-1322 2018-03-20 17h00 +00:00 An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters.
4.9
Moyen
CVE-2014-3503 2014-07-11 12h00 +00:00 Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.
5
CVE-2014-0111 2014-04-17 12h00 +00:00 Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."
6.5