An admin with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x can recover sensitive security values using the `fiql` and `orderby` parameters.
Title | Published | Family |
---|---|---|
CVE-2018-1322 | 20 Mar 2018 17:00 | cvelist |
Exposure of Sensitive Information to an Unauthorized Actor in Apache syncope-cope | 6 Nov 2018 23:17 | github |
CVE-2018-1322 | 20 Mar 2018 17:29 | nvd |
CVE-2018-1322 | 20 Mar 2018 17:29 | osv |
Exposure of Sensitive Information to an Unauthorized Actor in Apache syncope-cope | 6 Nov 2018 23:17 | osv |
Information Disclosure | 20 Mar 2018 08:09 | veracode |
Design/Logic Flaw | 20 Mar 2018 17:29 | prion |
K49033153 : Apache Syncope vulnerabilities CVE-2018-1321 and CVE-2018-1322 | 17 Jul 2018 00:00 | f5 |
Apache Syncope 2.0.7 - Remote Code Execution | 13 Sep 2018 00:00 | exploitdb |
Apache Syncope 2.0.7 - Remote Code Execution | 13 Sep 2018 00:00 | exploitpack |

```json
[
  {
    "product": "Apache Syncope",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "Releases prior to 1.2.11, Releases prior to 2.0.8"
      },
      {
        "status": "affected",
        "version": "The unsupported Releases 1.0.x, 1.1.x may be also affected."
      }
    ]
  }
]
```

Source | Link |
---|---|
exploit-db | www.exploit-db.com/exploits/45400/ |
syncope | www.syncope.apache.org/security.html |
securityfocus | www.securityfocus.com/bid/103507 |