Arbitrary Code Execution in Apache Syncope via Apache Commons JEXL Expressions and Resource Mappings
CVE-2014-0111 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:P
Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."
Learn more about our User Device Pen Test.