{"containers": {"cna": {"affected": [{"product": "Apache Syncope", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "Releases prior to 1.2.11, Releases prior to 2.0.8"}, {"status": "affected", "version": "The unsupported Releases 1.0.x, 1.1.x may be also affected."}]}], "datePublic": "2018-03-21T00:00:00", "descriptions": [{"lang": "en", "value": "An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters."}], "problemTypes": [{"descriptions": [{"description": "Information disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-15T09:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting"}, {"name": "103507", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103507"}, {"name": "45400", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/45400/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2018-03-21T00:00:00", "ID": "CVE-2018-1322", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Syncope", "version": {"version_data": [{"version_value": "Releases prior to 1.2.11, Releases prior to 2.0.8"}, {"version_value": "The unsupported Releases 1.0.x, 1.1.x may be also affected."}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information disclosure"}]}]}, "references": {"reference_data": [{"name": "http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting", "refsource": "MISC", "url": "http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting"}, {"name": "103507", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103507"}, {"name": "45400", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/45400/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:59:38.575Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting"}, {"name": "103507", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103507"}, {"name": "45400", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/45400/"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2018-1322", "datePublished": "2018-03-20T17:00:00Z", "dateReserved": "2017-12-07T00:00:00", "dateUpdated": "2024-09-16T17:03:34.787Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:syncope:*:*:*:*:*:*:*:*", "matchCriteriaId": "C352FD95-915E-4382-8020-8D5F738D63A9", "versionEndExcluding": "1.2.11", "versionStartIncluding": "1.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:syncope:*:*:*:*:*:*:*:*", "matchCriteriaId": "0664E504-BA1D-40C9-A4B2-53DCF4BDDA1E", "versionEndExcluding": "2.0.8", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:syncope:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "5E4BEECD-5BE6-4ADE-AB9F-82631A582D27", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:syncope:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "682C36BC-D3E7-4203-9793-313CC72DA62D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:syncope:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B34E99B4-4EAD-47D8-BDE4-235836F85E8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:syncope:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8C28DB5E-FDC8-4D6C-8652-62071084AFE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:syncope:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "EE1F61F6-8D9B-4DD3-9212-42AE1F399A27", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:syncope:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "C4B181F2-B240-47CA-B5DD-9C5906D8E3B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:syncope:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "6F9EEDCA-AE77-42C0-A99A-F7DF126E7901", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:syncope:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "BE2E485D-8AA7-45B1-B436-D0C2260EE182", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:syncope:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A4CE370-0229-4408-A2B1-5677B6ACDB3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:syncope:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D3FAA0C0-9FB0-4F63-BA1F-6AF504E6FFFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:syncope:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "904FD046-B8DF-4842-9DEA-78D03AF0394E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:syncope:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "0DBE0A5E-0576-4D6E-B5F9-C122405EA691", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:syncope:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "A68014D4-1B64-478C-BBC2-168DB2FBF124", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:syncope:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "7B5E2D4B-9BDE-432C-8269-4AE65586D2F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:syncope:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "85F12537-6086-4F5C-A875-F9139A3B56B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:syncope:1.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "DCE40770-AC7A-4E5F-B7A0-37E9BBE55811", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:syncope:1.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "4BB19E5F-707F-4F2F-93FF-619784E02D40", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters."}, {"lang": "es", "value": "Un administrador con privilegios de b\u00fasqueda de usuarios en Apache Syncope, en versiones 1.2.x anteriores a la 1.2.11, versiones 2.0.x anteriores a la 2.0.8 y versiones 1.0.x y 1.1.x no soportadas que tambi\u00e9n podr\u00edan verse afectadas, puede recuperar valores sensibles para la seguridad empleando los par\u00e1metros fiql y orderby."}], "id": "CVE-2018-1322", "lastModified": "2024-11-21T03:59:37.510", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-20T17:29:00.300", "references": [{"source": "security@apache.org", "tags": ["Mitigation", "Vendor Advisory"], "url": "http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting"}, {"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103507"}, {"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/45400/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103507"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/45400/"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}