Apache Syncope
4 CVEs affecting Apache Syncope. Latest disclosed: 2026-05-25. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-42782 | High | 7.2 | 2026-05-25 | Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malic… |
CVE-2026-42797 | Medium | 4.9 | 2026-05-25 | Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can cr… |
CVE-2014-3503 | | 2014-07-11 | Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute f… | |
CVE-2014-0111 | | 2014-04-17 | Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL… |