Vulnerabilities (CVE)

Filtered by vendor Apache Subscribe

Filtered by product Syncope

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-11977	1 Apache	1 Syncope	2020-09-24	8.5 HIGH	7.2 HIGH
In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution.
CVE-2018-1321	1 Apache	1 Syncope	2019-04-25	6.5 MEDIUM	7.2 HIGH
An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution.
CVE-2018-17186	1 Apache	1 Syncope	2019-01-31	6.5 MEDIUM	7.2 HIGH
An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution.