Sensitive Security Value Recovery Vulnerability in Apache Syncope

Sensitive Security Value Recovery Vulnerability in Apache Syncope

CVE-2018-1322 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters.

Learn more about our Cis Benchmark Audit For Apache Http Server.