{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T07:25:37.485","vulnerabilities":[{"cve":{"id":"CVE-2018-1322","sourceIdentifier":"security@apache.org","published":"2018-03-20T17:29:00.300","lastModified":"2024-11-21T03:59:37.510","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters."},{"lang":"es","value":"Un administrador con privilegios de búsqueda de usuarios en Apache Syncope, en versiones 1.2.x anteriores a la 1.2.11, versiones 2.0.x anteriores a la 2.0.8 y versiones 1.0.x y 1.1.x no soportadas que también podrían verse afectadas, puede recuperar valores sensibles para la seguridad empleando los parámetros fiql y orderby."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:syncope:*:*:*:*:*:*:*:*","versionStartIncluding":"1.2.0","versionEndExcluding":"1.2.11","matchCriteriaId":"C352FD95-915E-4382-8020-8D5F738D63A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:syncope:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.0.8","matchCriteriaId":"0664E504-BA1D-40C9-A4B2-53DCF4BDDA1E"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:syncope:1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5E4BEECD-5BE6-4ADE-AB9F-82631A582D27"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:syncope:1.0.3:*:*:*:*:*:*:*","matchCriteriaId":"682C36BC-D3E7-4203-9793-313CC72DA62D"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:syncope:1.0.4:*:*:*:*:*:*:*","matchCriteriaId":"B34E99B4-4EAD-47D8-BDE4-235836F85E8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:syncope:1.0.5:*:*:*:*:*:*:*","matchCriteriaId":"8C28DB5E-FDC8-4D6C-8652-62071084AFE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:syncope:1.0.6:*:*:*:*:*:*:*","matchCriteriaId":"EE1F61F6-8D9B-4DD3-9212-42AE1F399A27"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:syncope:1.0.7:*:*:*:*:*:*:*","matchCriteriaId":"C4B181F2-B240-47CA-B5DD-9C5906D8E3B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:syncope:1.0.8:*:*:*:*:*:*:*","matchCriteriaId":"6F9EEDCA-AE77-42C0-A99A-F7DF126E7901"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:syncope:1.0.9:*:*:*:*:*:*:*","matchCriteriaId":"BE2E485D-8AA7-45B1-B436-D0C2260EE182"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:syncope:1.1.0:*:*:*:*:*:*:*","matchCriteriaId":"4A4CE370-0229-4408-A2B1-5677B6ACDB3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:syncope:1.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D3FAA0C0-9FB0-4F63-BA1F-6AF504E6FFFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:syncope:1.1.2:*:*:*:*:*:*:*","matchCriteriaId":"904FD046-B8DF-4842-9DEA-78D03AF0394E"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:syncope:1.1.3:*:*:*:*:*:*:*","matchCriteriaId":"0DBE0A5E-0576-4D6E-B5F9-C122405EA691"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:syncope:1.1.4:*:*:*:*:*:*:*","matchCriteriaId":"A68014D4-1B64-478C-BBC2-168DB2FBF124"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:syncope:1.1.5:*:*:*:*:*:*:*","matchCriteriaId":"7B5E2D4B-9BDE-432C-8269-4AE65586D2F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:syncope:1.1.6:*:*:*:*:*:*:*","matchCriteriaId":"85F12537-6086-4F5C-A875-F9139A3B56B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:syncope:1.1.7:*:*:*:*:*:*:*","matchCriteriaId":"DCE40770-AC7A-4E5F-B7A0-37E9BBE55811"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:syncope:1.1.8:*:*:*:*:*:*:*","matchCriteriaId":"4BB19E5F-707F-4F2F-93FF-619784E02D40"}]}]}],"references":[{"url":"http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting","source":"security@apache.org","tags":["Mitigation","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/103507","source":"security@apache.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/45400/","source":"security@apache.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/103507","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/45400/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}}]}