Vulnerabilities > Apache > Syncope > 1.1.2

DATE CVE VULNERABILITY TITLE RISK
2018-03-20 CVE-2018-1322 Information Exposure vulnerability in Apache Syncope
An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters.
network
low complexity
apache CWE-200
4.0
4.0
2018-03-20 CVE-2018-1321 Improper Input Validation vulnerability in Apache Syncope
An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution.
network
low complexity
apache CWE-20
6.5
6.5
2014-07-11 CVE-2014-3503 Cryptographic Issues vulnerability in Apache Syncope
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.
network
low complexity
apache CWE-310
5.0
5.0