Sensitive Security Value Recovery Vulnerability in Apache Syncope
CVE-2018-1322 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:N/A:N
An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters.
Learn more about our Cis Benchmark Audit For Apache Http Server.