CVE-2018-1322

CVSS v3.0 4.9 (Medium)
CVSS v2.0 4 (Medium)
EPSS 0.18 % (55th)

In Apache Syncope 1.2.x before 1.2.11 and 2.0.x before 2.0.8, an administrator with user search entitlements can recover sensitive security values using the fiql and orderby parameters. The unsupported 1.0.x and 1.1.x releases may also be affected.

Weaknesses
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE Status
PUBLISHED
CNA
Apache Software Foundation
Published Date
2018-03-20 17:29:00
(6 years ago)
Updated Date
2019-03-08 15:15:59
(5 years ago)

Affected Products


Configuration #1

  Product               CPE23                           From      Up To
  Apache Syncope        cpe:2.3:a:apache:syncope        >= 1.2.0  < 1.2.11
  Apache Syncope        cpe:2.3:a:apache:syncope        >= 2.0.0  < 2.0.8
  Apache Syncope 1.0.0  cpe:2.3:a:apache:syncope:1.0.0
  Apache Syncope 1.0.3  cpe:2.3:a:apache:syncope:1.0.3
  Apache Syncope 1.0.4  cpe:2.3:a:apache:syncope:1.0.4
  Apache Syncope 1.0.5  cpe:2.3:a:apache:syncope:1.0.5
  Apache Syncope 1.0.6  cpe:2.3:a:apache:syncope:1.0.6
  Apache Syncope 1.0.7  cpe:2.3:a:apache:syncope:1.0.7
  Apache Syncope 1.0.8  cpe:2.3:a:apache:syncope:1.0.8
  Apache Syncope 1.0.9  cpe:2.3:a:apache:syncope:1.0.9
  Apache Syncope 1.1.0  cpe:2.3:a:apache:syncope:1.1.0
  Apache Syncope 1.1.1  cpe:2.3:a:apache:syncope:1.1.1
  Apache Syncope 1.1.2  cpe:2.3:a:apache:syncope:1.1.2
  Apache Syncope 1.1.3  cpe:2.3:a:apache:syncope:1.1.3
  Apache Syncope 1.1.4  cpe:2.3:a:apache:syncope:1.1.4
  Apache Syncope 1.1.5  cpe:2.3:a:apache:syncope:1.1.5
  Apache Syncope 1.1.6  cpe:2.3:a:apache:syncope:1.1.6
  Apache Syncope 1.1.7  cpe:2.3:a:apache:syncope:1.1.7
  Apache Syncope 1.1.8  cpe:2.3:a:apache:syncope:1.1.8