syncope-core-provisioning-java is vulnerable to server-side template injection. Remote attackers are able to inject arbitrary JEXL expressions via the Mail templates and execute arbitrary code on the system.
CPE | Name | Operator | Version |
---|---|---|---|
apache syncope core provisioning java | le | 2.1.5 | |
apache syncope core provisioning java | le | 2.0.14 |