{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T08:29:55.656","vulnerabilities":[{"cve":{"id":"CVE-2020-1959","sourceIdentifier":"security@apache.org","published":"2020-05-04T13:15:13.533","lastModified":"2024-11-21T05:11:44.377","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Apache Syncope uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, they support different types of interpolation, including Java EL expressions. Therefore, if an attacker can inject arbitrary data in the error message template being passed, they will be able to run arbitrary Java code."},{"lang":"es","value":"Se identificó una Inyección de Plantillas del Lado del Servidor en Apache Syncope versiones anteriores a la versión  2.1.6, que permitía a atacantes inyectar expresiones JEXL arbitrarias, conllevando a una vulnerabilidad de Ejecución de Código Remota (RCE) no autenticada. Apache Syncope usa validadores de restricciones personalizadas Java Bean Validation (JSR 380). Cuando se construyen mensajes de error de violación de restricciones personalizadas, ellos soportan diferentes tipos de interpolación, incluyendo expresiones de Java EL. Por lo tanto, si un atacante puede inyectar datos arbitrarios en la plantilla de mensajes de error que es pasada, ellos serían capaces de ejecutar código Java arbitrario."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-917"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:syncope:*:*:*:*:*:*:*:*","versionStartIncluding":"2.1.0","versionEndExcluding":"2.1.6","matchCriteriaId":"31260109-834D-4DCF-AA29-754026EC13A2"}]}]}],"references":[{"url":"http://syncope.apache.org/security","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"http://syncope.apache.org/security","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}