0.001 Low
EPSS
Percentile
24.1%
apache syncope is vulnerable to XML external entity attacks (XXE). An attacker is able to read and write arbitrary files and execute arbitrary code using malicious DTDs in the workflow definition entitlements.
syncope.apache.org/security#CVE-2018-17186:_XXE_on_BPMN_definitions