org.apache.syncope.core:syncope-core-metrics-starter (=4.0.2), org.apache.syncope.core:syncope-core-self-keymaster-starter (>=4.0.0 <=4.0.2) potentially affected by CVE-2025-65998 via org.apache.syncope.core:syncope-core-starter (>=4.0.0-M0 <=4.0.2)

org.apache.syncope.core:syncope-core-starter MAVEN version =4.0.0-M0, =4.0.0, =4.0.2 Source cves: CVE-2025-65998 Source advisory: SNYK:JAVA-ORGAPACHESYNCOPECORE-14105145...

Use of Hard-coded Cryptographic Key

Overview org.apache.syncope.core:syncope-core-persistence-jpa is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology and released under Apache 2.0 license. Affected versions of this package are vulnerable to Use of Hard-coded...

Use of Hard-coded Cryptographic Key

Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the password encryption process. An attacker can recover original cleartext password values by accessing the internal database content, as the encryption key is hard-coded and publicly known. Note:...

org.apache.syncope.core.am:syncope-core-am-logic (>=4.0.0 <=4.0.2), org.apache.syncope.core.am:syncope-core-am-rest-cxf (>=4.0.0 <=4.0.2) +18 more potentially affected by CVE-2025-65998 via org.apache.syncope.core:syncope-core-provisioning-java (>=4.0.0-M0 <=4.0.2)

org.apache.syncope.core:syncope-core-provisioning-java MAVEN version =4.0.0-M0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.2 and more Source cves: CVE-2...

org.apache.syncope.core.am:syncope-core-am-logic (>=4.0.0 <=4.0.2), org.apache.syncope.core.am:syncope-core-am-rest-cxf (>=4.0.0 <=4.0.2) +33 more potentially affected by CVE-2025-65998 via org.apache.syncope.core:syncope-core-spring (>=4.0.0-M0 <=4.0.2)

org.apache.syncope.core:syncope-core-spring MAVEN version =4.0.0-M0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.2 and more Source cves: CVE-2025-65998 Source advisory: SNYK:JA...

Use of Hard-coded Cryptographic Key

Overview org.apache.syncope.core:syncope-core-starter is an Apache Syncope Core Spring Boot Starter Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the password encryption process. An attacker can recover original cleartext password values by accessing t...

org.apache.syncope.core:syncope-core-persistence-jpa-json (>=3.0.0 <=3.0.14), org.apache.syncope.core:syncope-core-self-keymaster-starter (>=3.0.0 <=3.0.14) +6 more potentially affected by CVE-2025-65998 via org.apache.syncope.core:syncope-core-persistence-jpa (>=3.0.0-M0 <=3.0.14)

org.apache.syncope.core:syncope-core-persistence-jpa MAVEN version =3.0.0-M0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.10, =3.0.0, =3.0.14 Source cves: CVE-2025-65998 Source advisory: SNYK:JAVA-ORGAPACHESYNCOPECORE-14105148...

org.apache.syncope.core:syncope-core-metrics-starter (=4.0.2), org.apache.syncope.core:syncope-core-self-keymaster-starter (>=4.0.0 <=4.0.2) +3 more potentially affected by CVE-2025-65998 via org.apache.syncope.core:syncope-core-persistence-jpa (>=4.0.0-M0 <=4.0.2)

org.apache.syncope.core:syncope-core-persistence-jpa MAVEN version =4.0.0-M0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.2 Source cves: CVE-2025-65998 Source advisory: SNYK:JAVA-ORGAPACHESYNCOPECORE-14105148...

Use of Hard-coded Cryptographic Key

Overview org.apache.syncope.core.idrepo:syncope-core-idrepo-logic is an Apache Syncope Core IdRepo Logic Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the password encryption process. An attacker can recover original cleartext password values by...

org.apache.syncope.core.am:syncope-core-am-logic (>=3.0.0 <=3.0.14), org.apache.syncope.core.am:syncope-core-am-rest-cxf (>=3.0.0 <=3.0.14) +30 more potentially affected by CVE-2025-65998 via org.apache.syncope.core:syncope-core-spring (>=3.0.0-M0 <=3.0.14)

org.apache.syncope.core:syncope-core-spring MAVEN version =3.0.0-M0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.14 and more Source cves: CVE-2025-65998https://vulners.com/c...

org.apache.syncope.core.am:syncope-core-am-logic (>=4.0.0 <=4.0.1), org.apache.syncope.core.am:syncope-core-am-rest-cxf (>=4.0.0 <=4.0.1) +17 more potentially affected by CVE-2025-57738 via org.apache.syncope.core:syncope-core-provisioning-java (>=4.0.0 <=4.0.1)

org.apache.syncope.core:syncope-core-provisioning-java MAVEN version =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.1 and mo...

org.apache.syncope.core.am:syncope-core-am-logic (>=3.0.0 <=3.0.13), org.apache.syncope.core.am:syncope-core-am-rest-cxf (>=3.0.0 <=3.0.13) +38 more potentially affected by CVE-2025-57738 via org.apache.syncope.core:syncope-core-persistence-api (>=3.0.0-M0 <=3.0.13)

org.apache.syncope.core:syncope-core-persistence-api MAVEN version =3.0.0-M0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.13 and more Source cves: CVE-2025-57738 Source ad...

org.apache.syncope.core.am:syncope-core-am-logic (>=3.0.0 <=3.0.13), org.apache.syncope.core.am:syncope-core-am-rest-cxf (>=3.0.0 <=3.0.13) +30 more potentially affected by CVE-2025-57738 via org.apache.syncope.core:syncope-core-spring (>=3.0.0-M0 <=3.0.13)

org.apache.syncope.core:syncope-core-spring MAVEN version =3.0.0-M0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.13 and more Source cves: CVE-2025-57738https://vulners.com/c...

Improper Isolation or Compartmentalization

Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization of Groovy code provided by delegated administrators. A privileged attacker can execute arbitrary code remotely by providing malicious Groovy implementations that are loaded and executed by the...

Improper Isolation or Compartmentalization

Overview org.apache.syncope.core:syncope-core-provisioning-java is an Open Source system for managing digital identities in enterprise environments, implemented in Java EE technology and released under Apache 2.0 license. Affected versions of this package are vulnerable to Improper Isolation or...

Improper Isolation or Compartmentalization

Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization of Groovy code provided by delegated administrators. A privileged attacker can execute arbitrary code remotely by providing malicious Groovy implementations that are loaded and executed by the...

org.apache.syncope.core.am:syncope-core-am-logic (>=4.0.0 <=4.0.1), org.apache.syncope.core.am:syncope-core-am-rest-cxf (>=4.0.0 <=4.0.1) +32 more potentially affected by CVE-2025-57738 via org.apache.syncope.core:syncope-core-spring (>=4.0.0 <=4.0.1)

org.apache.syncope.core:syncope-core-spring MAVEN version =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.1 and more Source cves: CVE-2025-57738https://vulners.com/cve/CVE-2025-577...

org.apache.syncope.core.am:syncope-core-am-logic (>=3.0.0 <=3.0.13), org.apache.syncope.core.am:syncope-core-am-rest-cxf (>=3.0.0 <=3.0.13) +46 more potentially affected by CVE-2025-57738 via org.apache.syncope.core:syncope-core-spring (>=2.0.0-M2 <=3.0.13)

org.apache.syncope.core:syncope-core-spring MAVEN version =2.0.0-M2, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =2.0.0, =2.0.0, =2.0.0, =2.1.3, =2.0.0, =2.0.0, =3.0.0, =3.0.0, =2.0.0, =2.0.16 and more Source cves: CVE-2025-57738 Source advisory: OSV:GHSA-825G-MM5...

org.apache.syncope.core.am:syncope-core-am-logic (>=4.0.0 <=4.0.1), org.apache.syncope.core.am:syncope-core-am-rest-cxf (>=4.0.0 <=4.0.1) +32 more potentially affected by CVE-2025-57738 via org.apache.syncope.core:syncope-core-spring (>=4.0.0-M0 <=4.0.1)

org.apache.syncope.core:syncope-core-spring MAVEN version =4.0.0-M0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.1 and more Source cves: CVE-2025-57738https://vulners.com/cve/CVE-2025-...

org.apache.syncope:syncope-core-upgrader (>=1.2.0 <=1.2.11), org.apache.syncope:syncope-standalone (>=1.1.0 <=1.1.8) potentially affected by CVE-2020-1959 via org.apache.syncope:syncope-core (>=1.1.0 <=1.2.9)

org.apache.syncope:syncope-core MAVEN version =1.1.0, =1.2.0, =1.1.0, =1.1.8 Source cves: CVE-2020-1959 Source advisory: OSV:GHSA-VJQW-R3WW-WJ2W...