Follycat

**Name of the Vulnerable Software and Affected Versions** Apache Syncope versions 3.0 through 3.0.15 Apache Syncope versions 4.0 through 4.0.3 **Description** An issue exists in Apache Syncope Console where an administrator with sufficient privileges to create or edit Keymaster parameters can construct malicious XML text to launch an XML External Entity (XXE) attack. This can lead to sensitive data leakage. **Recommendations** Upgrade to Apache Syncope version 3.0.16 Upgrade to Apache Syncope version 4.0.4