Moderate severityNVD Advisory· Published Apr 17, 2014· Updated May 6, 2026

CVE-2014-0111

Description

Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.apache.syncope:syncopeMaven	>= 1.0.0, < 1.0.9	1.0.9
org.apache.syncope:syncopeMaven	>= 1.1.0, < 1.1.7	1.1.7

Affected products

Apache/Syncope
cpe:2.3:a:apache:syncope:*:*:*:*:*:*:*:*
Range: >=1.0.0,<1.0.9

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

syncope.apache.org/security.htmlnvdVendor AdvisoryWEB
www.securityfocus.com/archive/1/531841/100/0/threadednvdThird Party AdvisoryVDB Entry
github.com/advisories/GHSA-r2xf-w5pj-9pw8ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2014-0111ghsaADVISORY
mail-archives.us.apache.org/mod_mbox/www-announce/201404.mbox/%3C534CE273.9020601@apache.org%3EghsaWEB
web.archive.org/web/20201208163011/http://www.securityfocus.com/archive/1/531841/100/0/threadedghsaWEB
mail-archives.us.apache.org/mod_mbox/www-announce/201404.mbox/%3C534CE273.9020601%40apache.org%3Envd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000