CVE-2018-1322

Summary

An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache SyncopeReleases prior to 1.2.11, Releases prior to 2.0.8affected
Apache Software FoundationApache SyncopeThe unsupported Releases 1.0.x, 1.1.x may be also affected.affected

Weaknesses

  • Information disclosure

ADP Enrichment

CVE Program Container

Additional References

References