K49033153: Apache Syncope vulnerabilities CVE-2018-1321 and CVE-2018-1322

Security Advisory Description CVE-2018-1321 An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations XSLT to perform malicious operations,...

JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis, and build issue analysis reports. A security vulnerability exists in JetBrains TeamCity versions 2021.2...

Exposure of Sensitive Information to an Unauthorized Actor in Apache syncope-cope

An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11 and 2.0.x before 2.0.8 can recover sensitive security values using the fiql and orderby parameters...

Apache Syncope Information Disclosure Vulnerability

Apache Syncope is the United States Apache Apache Software Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration and more. A security vulnerability exists in Apache Syncope versions 1.2.x...

CVE-2018-1322

An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters...

CVE-2018-1322

An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters...