VYPR
Moderate severityNVD Advisory· Published Jul 11, 2014· Updated Jun 17, 2026

CVE-2014-3503

CVE-2014-3503

Description

Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.syncope:syncopeMaven
>= 1.1.0, < 1.1.81.1.8

Affected products

9
  • Apache/Syncope8 versions
    cpe:2.3:a:apache:syncope:1.1.0:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:a:apache:syncope:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:syncope:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:syncope:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:syncope:1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:syncope:1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:syncope:1.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:syncope:1.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:syncope:1.1.7:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 1.1.0, < 1.1.8

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.