3 matches found
org.apache.syncope.core:syncope-core-metrics-starter (=4.0.2), org.apache.syncope.core:syncope-core-self-keymaster-starter (>=4.0.0 <=4.0.2) potentially affected by CVE-2025-65998 via org.apache.syncope.core:syncope-core-starter (>=4.0.0-M0 <=4.0.2)
org.apache.syncope.core:syncope-core-starter MAVEN version =4.0.0-M0, =4.0.0, =4.0.2 Source cves: CVE-2025-65998 Source advisory: SNYK:JAVA-ORGAPACHESYNCOPECORE-14105145...
Use of Hard-coded Cryptographic Key
Overview org.apache.syncope.core:syncope-core-starter is an Apache Syncope Core Spring Boot Starter Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the password encryption process. An attacker can recover original cleartext password values by accessing t...
org.apache.syncope.core:syncope-core-self-keymaster-starter (>=3.0.0 <=3.0.14) potentially affected by CVE-2025-65998 via org.apache.syncope.core:syncope-core-starter (>=3.0.0-M0 <=3.0.14)
org.apache.syncope.core:syncope-core-starter MAVEN version =3.0.0-M0, =3.0.0, =3.0.14 Source cves: CVE-2025-65998 Source advisory: SNYK:JAVA-ORGAPACHESYNCOPECORE-14105145...