CVE-2018-1321

Summary

An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache SyncopeReleases prior to 1.2.11, Releases prior to 2.0.8affected
Apache Software FoundationApache SyncopeThe unsupported Releases 1.0.x, 1.1.x may be also affected.affected

Weaknesses

  • File read and write, remote code execution

ADP Enrichment

CVE Program Container

Additional References

References