CVE-2018-1321
CVSS v3.0
7.2 (High)
CVSS v2.0
6.5 (Medium)
EPSS
1.22 % (86th)
Affected Products
1
Advisories
1
An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution.
Weaknesses
- CWE-20
- Improper Input Validation
- CVE Status
- PUBLISHED
- CNA
- Apache Software Foundation
- Published Date
-
2018-03-20 17:29:00
(6 years ago) - Updated Date
-
2019-04-25 18:07:30
(5 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...