Lucene search
GoogleOSV:GHSA-XGC9-9W4V-H33HHistoryNov 06, 2018 - 11:17 p.m.
High severity vulnerability that affects org.apache.syncope:syncope-core
2018-11-0623:17:27
Google
osv.dev
10
0.012 Low
EPSS
Percentile
85.5%
An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11 and 2.0.x before 2.0.8 can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution.
References
syncope.apache.org/security.html#CVE-2018-1321:_Remote_code_execution_by_administrators_with_report_and_template_entitlements
www.securityfocus.com/bid/103508
github.com/advisories/GHSA-xgc9-9w4v-h33h
github.com/apache/syncope/commit/726231fbf7b817bd2a9467171dcb1c0087c75bc
github.com/apache/syncope/commit/ad31479c1c543ac7d26b8c882aa14f6c00c1fd0
nvd.nist.gov/vuln/detail/CVE-2018-1321
www.exploit-db.com/exploits/45400
Related
osv
osv
CVE-2018-1321
2018-03-20 17:29:00
cve
cve
CVE-2018-1321
2018-03-21 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2018-03-20 02:35:09
cvelist
cvelist
CVE-2018-1321
2018-03-21 00:00:00
github
github
High severity vulnerability that affects org.apache.syncope:syncope-core
2018-11-06 23:17:27
nvd
nvd
CVE-2018-1321
2018-03-20 17:29:00
prion
prion
Remote code execution
2018-03-20 17:29:00
zdt
zdt
Apache Syncope 2.0.7 Remote Code Execution Exploit
2018-09-15 00:00:00
exploitpack
exploitpack
Apache Syncope 2.0.7 - Remote Code Execution
2018-09-13 00:00:00
f5
f5
K49033153 : Apache Syncope vulnerabilities CVE-2018-1321 and CVE-2018-1322
2018-07-17 00:00:00
packetstorm
packetstorm
Apache Syncope 2.0.7 Remote Code Execution
2018-09-15 00:00:00
exploitdb
exploitdb
Apache Syncope 2.0.7 - Remote Code Execution
2018-09-13 00:00:00