Vulnerability Details CVE-2018-1322
An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.178
EPSS Ranking 94.7%
CVSS Severity
CVSS v3 Score 4.9
CVSS v2 Score 4.0
References
- http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting
- http://www.securityfocus.com/bid/103507
- https://www.exploit-db.com/exploits/45400/
- http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting
- http://www.securityfocus.com/bid/103507
- https://www.exploit-db.com/exploits/45400/
Products affected by CVE-2018-1322
-
cpe:2.3:a:apache:syncope:1.0.0
-
cpe:2.3:a:apache:syncope:1.0.3
-
cpe:2.3:a:apache:syncope:1.0.4
-
cpe:2.3:a:apache:syncope:1.0.5
-
cpe:2.3:a:apache:syncope:1.0.6
-
cpe:2.3:a:apache:syncope:1.0.7
-
cpe:2.3:a:apache:syncope:1.0.8
-
cpe:2.3:a:apache:syncope:1.0.9
-
cpe:2.3:a:apache:syncope:1.1.0
-
cpe:2.3:a:apache:syncope:1.1.1
-
cpe:2.3:a:apache:syncope:1.1.2
-
cpe:2.3:a:apache:syncope:1.1.3
-
cpe:2.3:a:apache:syncope:1.1.4
-
cpe:2.3:a:apache:syncope:1.1.5
-
cpe:2.3:a:apache:syncope:1.1.6
-
cpe:2.3:a:apache:syncope:1.1.7
-
cpe:2.3:a:apache:syncope:1.1.8
-
cpe:2.3:a:apache:syncope:1.2.0
-
cpe:2.3:a:apache:syncope:1.2.1
-
cpe:2.3:a:apache:syncope:1.2.10
-
cpe:2.3:a:apache:syncope:1.2.2
-
cpe:2.3:a:apache:syncope:1.2.3
-
cpe:2.3:a:apache:syncope:1.2.4
-
cpe:2.3:a:apache:syncope:1.2.5
-
cpe:2.3:a:apache:syncope:1.2.6
-
cpe:2.3:a:apache:syncope:1.2.7
-
cpe:2.3:a:apache:syncope:1.2.8
-
cpe:2.3:a:apache:syncope:1.2.9
-
cpe:2.3:a:apache:syncope:2.0.0
-
cpe:2.3:a:apache:syncope:2.0.1
-
cpe:2.3:a:apache:syncope:2.0.2
-
cpe:2.3:a:apache:syncope:2.0.3
-
cpe:2.3:a:apache:syncope:2.0.4
-
cpe:2.3:a:apache:syncope:2.0.5
-
cpe:2.3:a:apache:syncope:2.0.6
-
cpe:2.3:a:apache:syncope:2.0.7