Lucene search
F5F5:K49033153HistoryJul 17, 2018 - 12:00 a.m.
K49033153 : Apache Syncope vulnerabilities CVE-2018-1321 and CVE-2018-1322
2018-07-1700:00:00
my.f5.com
18
Security Advisory Description
An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution.
An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters.
Impact
There is no impact; F5 products are not affected by this vulnerability.
Related
exploitpack
exploitpack
Apache Syncope 2.0.7 - Remote Code Execution
2018-09-13 00:00:00
packetstorm
packetstorm
Apache Syncope 2.0.7 Remote Code Execution
2018-09-15 00:00:00
exploitdb
exploitdb
Apache Syncope 2.0.7 - Remote Code Execution
2018-09-13 00:00:00
cve
cve
CVE-2018-1322
2018-03-21 00:00:00
CVE-2018-1321
2018-03-21 00:00:00
nvd
nvd
CVE-2018-1322
2018-03-20 17:29:00
CVE-2018-1321
2018-03-20 17:29:00
cvelist
cvelist
CVE-2018-1322
2018-03-21 00:00:00
CVE-2018-1321
2018-03-21 00:00:00
github
github
osv
osv
CVE-2018-1322
2018-03-20 17:29:00
Exposure of Sensitive Information to an Unauthorized Actor in Apache syncope-cope
2018-11-06 23:17:25
CVE-2018-1321
2018-03-20 17:29:00
veracode
veracode
Information Disclosure
2018-03-20 08:09:08
Remote Code Execution (RCE)
2018-03-20 02:35:09
prion
prion
Design/Logic Flaw
2018-03-20 17:29:00
Remote code execution
2018-03-20 17:29:00
zdt
zdt
Apache Syncope 2.0.7 Remote Code Execution Exploit
2018-09-15 00:00:00