EPSS: 0.002 (Low)
Percentile: 54.9%
apache-syncope is vulnerable to information disclosure. A malicious administrator user with search permissions can gain access to sensitive information through queries with the ORDER_BY argument.
seclists.org/oss-sec/2018/q1/250
syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting
github.com/apache/syncope/commit/44a5ca0fbd357b8b5d81aa9313fb01cca30d8ad3
github.com/apache/syncope/commit/735579b6f987b407049ac1f1da08e675d957c3e6