2 matches found
CVE-2014-3503
Apache Syncope 1.1.x before 1.1.8 is affected. The issue stems from using insecure Random implementations to generate user passwords, enabling remote attackers to guess passwords by brute force. The fixed version is 1.1.8 (Ad libitum); upgrading is advised. If upgrading is not possible, apply off...
CVE-2014-0111
CVE-2014-0111 affects Apache Syncope: remote code execution via Apache Commons JEXL expressions in areas such as derived schema definition, user/role templates, and account links of resource mappings. Impact is that a authenticated administrator could inject and execute arbitrary Java code on the...