An administrator with user search entitlements in Apache Syncope 1.2.x prior to 1.2.11, 2.0.x prior to 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache syncope |
||
apache syncope 1.1.4 |
||
apache syncope 1.1.5 |
||
apache syncope 1.1.6 |
||
apache syncope 1.1.7 |
||
apache syncope 1.0.5 |
||
apache syncope 1.0.7 |
||
apache syncope 1.0.6 |
||
apache syncope 1.0.8 |
||
apache syncope 1.0.0 |
||
apache syncope 1.0.4 |
||
apache syncope 1.0.9 |
||
apache syncope 1.1.1 |
||
apache syncope 1.1.3 |
||
apache syncope 1.1.8 |
||
apache syncope 1.0.3 |
||
apache syncope 1.1.0 |
||
apache syncope 1.1.2 |