CVE-2014-0111 Information

Description

Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions \derived schema definition\ \user / role templates\ and \account links of resource mappings.\

Reference

http://mail-archives.us.apache.org/mod_mbox/www-announce/201404.mbox/3C534CE273.9020601@apache.org3E http://syncope.apache.org/security.html http://www.securityfocus.com/archive/1/531841/100/0/threaded