CVE-2020-1961
Description
Vulnerability to Server-Side Template Injection on Mail templates for Apache Syncope 2.0.X releases prior to 2.0.15, 2.1.X releases prior to 2.1.6, enabling attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution (RCE) was discovered.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
7.128
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-1959,CVE-2020-1961 are fixed in Apache-syncope-core 2.1.6 | Windows |
| Vulnerabilities CVE-2020-1961 are fixed in Apache-syncope-core 2.0.15 | Windows |
| Vulnerabilities CVE-2020-1959,CVE-2020-1961 are fixed in Apache-syncope-core for Linux 2.1.6 | Linux |
| Vulnerabilities CVE-2020-1961 are fixed in Apache-syncope-core for Linux 2.0.15 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234