Attack: Apache Syncope CVE-2018-1321 RCE

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to execute arbitrary code in the context of the affected application.

Additional Information

Apache Syncope is a system for managing digital identities in enterprise environments.

Apache Syncope is prone to multiple remote code execution vulnerabilities because it incorrectly assigns 'report' and 'template' entitlements to an administrator. Specifically, these issues occur because it fails to restrict the use of XSL Transformations (XSLT). An attacker can exploit these issues to read or write files, or to execute arbitrary code.

Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application.

Affected

  • Apache Syncope versions prior to 1.2.11 and prior to 2.0.8 are vulnerable.