Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2018-1322 Vulnerability in maven package org.apache.syncope:syncope-core

Description

An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters.

Remediation

References

http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting

http://www.securityfocus.com/bid/103507

https://www.exploit-db.com/exploits/45400/

Related Vulnerabilities

CVE-2019-10455 Vulnerability in maven package org.jenkins-ci.plugins:icescrum

CVE-2020-27216 Vulnerability in maven package org.eclipse.jetty:jetty-webapp

CVE-2019-1003065 Vulnerability in maven package org.jenkins-ci.plugins:cloudshare-docker

CVE-2020-2300 Vulnerability in maven package org.jenkins-ci.plugins:active-directory

CVE-2022-34817 Vulnerability in maven package de.einsundeins.jenkins.plugins.failedjobdeactivator:failedjobdeactivator

Severity

Medium

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Tags

Mitigation Vendor Advisory Third Party Advisory VDB Entry