admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 09:41:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2018/CVE-2018-13xx/CVE-2018-1322.json

215 lines
7.4 KiB
JSON
Raw Normal View History

bootstrap
2023-04-24 12:24:31 +02:00
{
"id": "CVE-2018-1322",
"sourceIdentifier": "security@apache.org",
"published": "2018-03-20T17:29:00.300",
"lastModified": "2019-03-08T15:15:59.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters."
},
{
"lang": "es",
"value": "Un administrador con privilegios de b\u00fasqueda de usuarios en Apache Syncope, en versiones 1.2.x anteriores a la 1.2.11, versiones 2.0.x anteriores a la 2.0.8 y versiones 1.0.x y 1.1.x no soportadas que tambi\u00e9n podr\u00edan verse afectadas, puede recuperar valores sensibles para la seguridad empleando los par\u00e1metros fiql y orderby."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:syncope:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.2.0",
"versionEndExcluding": "1.2.11",
"matchCriteriaId": "C352FD95-915E-4382-8020-8D5F738D63A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:syncope:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.0.8",
"matchCriteriaId": "0664E504-BA1D-40C9-A4B2-53DCF4BDDA1E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:syncope:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E4BEECD-5BE6-4ADE-AB9F-82631A582D27"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:syncope:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "682C36BC-D3E7-4203-9793-313CC72DA62D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:syncope:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B34E99B4-4EAD-47D8-BDE4-235836F85E8E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:syncope:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8C28DB5E-FDC8-4D6C-8652-62071084AFE1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:syncope:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EE1F61F6-8D9B-4DD3-9212-42AE1F399A27"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:syncope:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B181F2-B240-47CA-B5DD-9C5906D8E3B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:syncope:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6F9EEDCA-AE77-42C0-A99A-F7DF126E7901"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:syncope:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "BE2E485D-8AA7-45B1-B436-D0C2260EE182"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:syncope:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A4CE370-0229-4408-A2B1-5677B6ACDB3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:syncope:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3FAA0C0-9FB0-4F63-BA1F-6AF504E6FFFA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:syncope:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "904FD046-B8DF-4842-9DEA-78D03AF0394E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:syncope:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0DBE0A5E-0576-4D6E-B5F9-C122405EA691"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:syncope:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A68014D4-1B64-478C-BBC2-168DB2FBF124"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:syncope:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7B5E2D4B-9BDE-432C-8269-4AE65586D2F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:syncope:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "85F12537-6086-4F5C-A875-F9139A3B56B6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:syncope:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE40770-AC7A-4E5F-B7A0-37E9BBE55811"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:syncope:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4BB19E5F-707F-4F2F-93FF-619784E02D40"
}
]
}
]
}
],
"references": [
{
"url": "http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting",
"source": "security@apache.org",
"tags": [
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/103507",
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.exploit-db.com/exploits/45400/",
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}
Reference in New Issue Copy Permalink