CVE-2018-1321

CVSS v3.0 7.2 (High)
CVSS v2.0 6.5 (Medium)
EPSS 1.22 % (86th)
Affected Products 1
Advisories 1

An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11 and 2.0.x before 2.0.8 can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution. The unsupported releases 1.0.x and 1.1.x may also be affected.

Weaknesses: CWE-20 (Improper Input Validation)
CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2018-03-20 17:29:00
Updated Date: 2019-04-25 18:07:30

Affected Products

Configuration #1

  Product                                                     CPE23                                      From      Up To
  Apache Syncope from 1.2.0 version and prior 1.2.11 version  cpe:2.3:a:apache:syncope                   >= 1.2.0  < 1.2.11
  Apache Syncope from 2.0.0 version and prior 2.0.8 version   cpe:2.3:a:apache:syncope                   >= 2.0.0  < 2.0.8
  Apache Syncope 1.0.0                                        cpe:2.3:a:apache:syncope:1.0.0
  Apache Syncope 1.0.4                                        cpe:2.3:a:apache:syncope:1.0.4
  Apache Syncope 1.0.5                                        cpe:2.3:a:apache:syncope:1.0.5
  Apache Syncope 1.0.6                                        cpe:2.3:a:apache:syncope:1.0.6
  Apache Syncope 1.0.7                                        cpe:2.3:a:apache:syncope:1.0.7
  Apache Syncope 1.0.8                                        cpe:2.3:a:apache:syncope:1.0.8
  Apache Syncope 1.0.9                                        cpe:2.3:a:apache:syncope:1.0.9
  Apache Syncope 1.1.0                                        cpe:2.3:a:apache:syncope:1.1.0
  Apache Syncope 1.1.1                                        cpe:2.3:a:apache:syncope:1.1.1
  Apache Syncope 1.1.2                                        cpe:2.3:a:apache:syncope:1.1.2
  Apache Syncope 1.1.3                                        cpe:2.3:a:apache:syncope:1.1.3
  Apache Syncope 1.1.4                                        cpe:2.3:a:apache:syncope:1.1.4
  Apache Syncope 1.1.5                                        cpe:2.3:a:apache:syncope:1.1.5
  Apache Syncope 1.1.6                                        cpe:2.3:a:apache:syncope:1.1.6
  Apache Syncope 1.1.7                                        cpe:2.3:a:apache:syncope:1.1.7
  Apache Syncope 1.1.8                                        cpe:2.3:a:apache:syncope:1.1.8
  Apache Syncope 1.2.0 Milestone1                             cpe:2.3:a:apache:syncope:1.2.0:milestone1