Apache: >> Syncope Security Vulnerabilities
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.
CVSS Score
5.0
EPSS Score
0.019
Published
2014-07-11
Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."
CVSS Score
6.5
EPSS Score
0.011
Published
2014-04-17
Page 2