Lucene search
HistoryApr 17, 2014 - 2:55 p.m.
CVE-2014-0111
cve-2014-0111
apache syncope
remote code execution
apache commons jexl
security vulnerability
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.6 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
62.3%
Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, “derived schema definition,” “user / role templates,” and “account links of resource mappings.”
Affected configurations
Node
apachesyncopeRange1.0.0–1.0.9
ORapachesyncopeRange1.1.0–1.1.7
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache:syncope | apache syncope | lt | 1.0.9 |
| apache:syncope | apache syncope | lt | 1.1.7 |
Related
nvd
nvd
CVE-2014-0111
2014-04-17 14:55:06
osv
osv
Apache Syncope JEXL Code Injection
2022-05-14 01:18:38
seebug
seebug
Apache Syncope特制Commons JEXL表达式远程代码执行漏洞
2014-04-17 00:00:00
github
github
Apache Syncope JEXL Code Injection
2022-05-14 01:18:38
securityvulns
securityvulns
[SECURITY] CVE-2014-0111 Apache Syncope
2014-05-04 00:00:00
prion
prion
Code injection
2014-04-17 14:55:00
cvelist
cvelist
CVE-2014-0111
2014-04-17 14:00:00
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.6 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
62.3%
Related for CVE-2014-0111