Known Vulnerabilities for Syncope by Apache
Listed below are 10 of the newest known vulnerabilities associated with "Syncope" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-42797 json | Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entit... | Not Provided | 2026-05-25 | 2026-05-26 |
| CVE-2026-42782 json | Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for ... | Not Provided | 2026-05-25 | 2026-05-27 |
| CVE-2020-11977 json | In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entit... | 7.2 - HIGH | 2020-09-15 | 2020-09-24 |
| CVE-2020-1961 json | Vulnerability to Server-Side Template Injection on Mail templates for Apache Syncope 2.0.X releases prior to 2.0.15, 2.1.X re... | 9.8 - CRITICAL | 2020-05-04 | 2020-05-07 |
| CVE-2020-1959 json | A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java ... | 9.8 - CRITICAL | 2020-05-04 | 2021-07-21 |
| CVE-2019-17557 json | It was found that the Apache Syncope EndUser UI login page prio to 2.0.15 and 2.1.6 reflects the successMessage parameters. B... | 5.4 - MEDIUM | 2020-05-04 | 2020-05-07 |
| CVE-2018-17186 json | An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited... | 7.2 - HIGH | 2018-11-06 | 2019-01-31 |
| CVE-2018-17184 json | A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into ... | 5.4 - MEDIUM | 2018-11-06 | 2018-12-13 |
| CVE-2018-1322 json | An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported rel... | 4.9 - MEDIUM | 2018-03-20 | 2019-03-08 |
| CVE-2018-1321 json | An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsuppo... | 7.2 - HIGH | 2018-03-20 | 2019-04-25 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Syncope | 2.1.7 | |||
| Application | Apache | Syncope | 2.1.6 | |||
| Application | Apache | Syncope | 2.1.5 | |||
| Application | Apache | Syncope | 2.1.4 | |||
| Application | Apache | Syncope | 2.1.3 | |||
| Application | Apache | Syncope | 2.1.2 | |||
| Application | Apache | Syncope | 2.1.1 | |||
| Application | Apache | Syncope | 2.1.0 | |||
| Application | Apache | Syncope | 2.0.9 | |||
| Application | Apache | Syncope | 2.0.8 | |||
| Application | Apache | Syncope | 2.0.7 | |||
| Application | Apache | Syncope | 2.0.6 | |||
| Application | Apache | Syncope | 2.0.5 | |||
| Application | Apache | Syncope | 2.0.4 | |||
| Application | Apache | Syncope | 2.0.3 | |||
| Application | Apache | Syncope | 2.0.2 | |||
| Application | Apache | Syncope | 2.0.15 | |||
| Application | Apache | Syncope | 2.0.14 | |||
| Application | Apache | Syncope | 2.0.13 | |||
| Application | Apache | Syncope | 2.0.12 |