Vulnerability to Server-Side Template Injection on Mail templates for Apache Syncope 2.0.X releases before 2.0.15, 2.1.X releases before 2.1.6, enabling malicious users to inject arbitrary JEXL expressions, leading to Remote Code Execution (RCE) exists.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache syncope |