Description
An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters.
Remediation
References
http://syncope.apache.org/security.html#CVE-2018-1322:_Information_disclosure_via_FIQL_and_ORDER_BY_sorting
http://www.securityfocus.com/bid/103507
https://www.exploit-db.com/exploits/45400/
Related Vulnerabilities
CVE-2022-31023 Vulnerability in maven package com.typesafe.play:play_2.12
CVE-2023-35165 Vulnerability in npm package @aws-cdk/aws-eks
CVE-2022-0155 Vulnerability in npm package follow-redirects
CVE-2016-6816 Vulnerability in maven package org.apache.tomcat:coyote
CVE-2022-45383 Vulnerability in maven package org.jenkins-ci.plugins:support-core