mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-30 18:04:30 +00:00
76 lines
2.6 KiB
JSON
76 lines
2.6 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "security@apache.org",
|
|
"DATE_PUBLIC": "2018-03-21T00:00:00",
|
|
"ID": "CVE-2018-1322",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Apache Syncope",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "Releases prior to 1.2.11, Releases prior to 2.0.8"
|
|
},
|
|
{
|
|
"version_value": "The unsupported Releases 1.0.x, 1.1.x may be also affected."
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Apache Software Foundation"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Information disclosure"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting",
|
|
"refsource": "MISC",
|
|
"url": "http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting"
|
|
},
|
|
{
|
|
"name": "103507",
|
|
"refsource": "BID",
|
|
"url": "http://www.securityfocus.com/bid/103507"
|
|
},
|
|
{
|
|
"name": "45400",
|
|
"refsource": "EXPLOIT-DB",
|
|
"url": "https://www.exploit-db.com/exploits/45400/"
|
|
}
|
|
]
|
|
}
|
|
} |