CVE-2018-1322
published 2018-03-20CVE-2018-1322: An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be…
medium4.9CVSS 3.0
AVNACLPRHUINSUCHINAN
EXPLOIT
An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | syncope | — | — |
| apache | syncope | — | — |
| apache | syncope | — | — |
| apache | syncope | — | — |
| apache | syncope | — | — |
| apache | syncope | — | — |
| apache | syncope | — | — |
| apache | syncope | — | — |
| apache | syncope | — | — |
| apache | syncope | — | — |
| apache | syncope | — | — |
| apache | syncope | — | — |
| apache | syncope | — | — |
| apache | syncope | — | — |
| apache | syncope | — | — |
| apache | syncope | — | — |
| apache | syncope | — | — |
| apache | syncope | >= 1.2.0 < 1.2.11 | 1.2.11 |
| apache | syncope | >= 2.0.0 < 2.0.8 | 2.0.8 |
| apache_software_foundation | apache_syncope | — | — |
| apache_software_foundation | apache_syncope | — | — |