Arbitrary Code Execution in Apache Syncope via Apache Commons JEXL Expressions and Resource Mappings

Arbitrary Code Execution in Apache Syncope via Apache Commons JEXL Expressions and Resource Mappings

CVE-2014-0111 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."

Learn more about our User Device Pen Test.