3 matches found
CVE-2018-1322
CVE-2018-1322 affects Apache Syncope: 1.2.x before 1.2.11, 2.0.x before 2.0.8, and some unsupported releases (1.0.x, 1.1.x). The vulnerability allows an administrator with user-search entitlements to recover sensitive security values by manipulating the fiql and orderby parameters. The provided d...
CVE-2026-42797
CVE-2026-42797 (Apache Syncope) exposes a data-query related information disclosure via a misconfigured JEXL expression. An administrator with entitlements for Derived Schemas can craft a malicious JEXL expression that, if the requester also has User-read privileges, may access security-sensitive...
CVE-2026-23795
CVE-2026-23795 describes an XML External Entity (XXE) vulnerability in the Apache Syncope Console. An administrator with sufficient entitlements to create or edit Keymaster parameters can craft malicious XML text to trigger XXE, potentially leaking sensitive data. Affected versions: Apache Syncop...