4 matches found
XML External Entity (XXE) Injection
Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection on Keymaster parameters in XML format. An attacker can access sensitive information by submitting crafted XML data containing external entity references. Details: XXE Injection is a type of attack agains...
org.apache.syncope.client.am:syncope-client-am-console (>=4.0.0 <=4.0.3), org.apache.syncope.client.idm:syncope-client-idm-console (>=4.0.0 <=4.0.3) +4 more potentially affected by CVE-2026-23795 via org.apache.syncope.client.idrepo:syncope-client-idrepo-console (>=4.0.0 <=4.0.3)
org.apache.syncope.client.idrepo:syncope-client-idrepo-console MAVEN version =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.3 Source cves: CVE-2026-23795 Source advisory: SNYK:JAVA-ORGAPACHESYNCOPECLIENTIDREPO-15202477...
org.apache.syncope.ext.camel:syncope-ext-camel-client-console (>=2.1.0 <=2.1.14), org.apache.syncope.ext.flowable:syncope-ext-flowable-client-console (>=2.1.10 <=2.1.14) +3 more potentially affected by CVE-2024-45031 via org.apache.syncope.client:syncope-client-console (>=2.1.0 <=2.1.14)
org.apache.syncope.client:syncope-client-console MAVEN version =2.1.0, =2.1.0, =2.1.10, =2.1.0, =2.1.0, =2.1.0, =2.1.14 Source cves: CVE-2024-45031 Source advisory: OSV:GHSA-JMRF-85G8-X8XV...
Server-Side Template Injection
syncope-client-console is vulnerable to server-side template injection. The attack is possible because it uses different types of interpolation, such as Java EL expressions for handling custom constraint violation error messages during building of Java Bean Validation custom constraint...