CVE-2018-1322

An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11 and 2.0.x before 2.0.8 can recover sensitive security values using the fiql and orderby parameters. The unsupported releases 1.0.x and 1.1.x may also be affected.

Configurations

Configuration 1

OR cpe:2.3:a:apache:syncope:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:syncope:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:syncope:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:syncope:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:syncope:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:syncope:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:syncope:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:syncope:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:syncope:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:syncope:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:syncope:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:syncope:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:syncope:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:syncope:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:syncope:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:syncope:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:syncope:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:syncope:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:syncope:1.1.8:*:*:*:*:*:*:*

Information

Published : 2018-03-20 10:29

Updated : 2019-03-08 07:15


NVD link : CVE-2018-1322

Mitre link : CVE-2018-1322



CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Products Affected

apache

  • syncope