Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Syncope 代码注入漏洞
Vulnerability Description
Apache Syncope是美国阿帕奇(Apache)软件基金会的一套用于企业环境中的开源数字身份管理系统。该系统支持身份管理、角色配置等。 Apache Syncope 1.0.0至1.0.8版本和1.1.0至1.1.6版本的Apache Commons JEXL表达式(derived schema definition,user / role templates,account links of resource mappings)中存在安全漏洞。远程攻击者可利用该漏洞执行任意Java代码。
CVSS Information
N/A
Vulnerability Type
N/A