Vulnerabilities > Apache > Syncope > 1.0.3

DATE CVE VULNERABILITY TITLE RISK
2018-03-20 CVE-2018-1322 Information Exposure vulnerability in Apache Syncope
An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters.
network
low complexity
apache CWE-200
4.0