3 matches found
[SECURITY] CVE-2014-0111 Apache Syncope
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-0111: Remote code execution by an authenticated administrator Severity: Important Vendor: The Apache Software Foundation Versions Affected: Syncope 1.0.0 to 1.0.8 Syncope 1.1.0 to 1.1.6 Description: In the various places in which Apache Commo...
CVE-2014-0111
CVE-2014-0111 affects Apache Syncope: remote code execution via Apache Commons JEXL expressions in areas such as derived schema definition, user/role templates, and account links of resource mappings. Impact is that a authenticated administrator could inject and execute arbitrary Java code on the...
Apache Syncope特制Commons JEXL表达式远程代码执行漏洞
CVE ID:CVE-2014-0111 Apache Syncope是用在企业环境的数字身份管理,在JEE技术的实施和Apache 2.0许可下发布的开源系统。 Apache Syncope处理特制的Apache Commons JEXL表达式存在安全漏洞,允许通过验证的远程攻击者通过运行Apache Syncope core的JEE container来执行任意代码。 0 Apache Syncope 1.0.0 Apache Syncope 1.0.8 Apache Syncope 1.1.0 Apache Syncope 1.1.6 Apache Syncope 1.0.9,...