1. Home
  2. Vulnerabilities
  3. CVE-2020-1959

CVE-2020-1959

CVSS v3.1 9.8 (Critical)
98% Progress
CVSS v2.0 7.5 (High)
75% Progress
EPSS 0.21 % (59th)
0.21% Progress
Affected Products 1
Advisories 1
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Apache Syncope uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, they support different types of interpolation, including Java EL expressions. Therefore, if an attacker can inject arbitrary data in the error message template being passed, they will be able to run arbitrary Java code.

Weaknesses
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE Status
PUBLISHED
CNA
Apache Software Foundation
Published Date
2020-05-04 13:15:13
(4 years ago)
Updated Date
2021-07-21 11:39:23
(3 years ago)

Affected Products

Apache

Configuration #1

    CPE23 From Up To
  Apache Syncope from 2.1.0 version and prior 2.1.6 version cpe:2.3:a:apache:syncope >= 2.1.0 < 2.1.6