{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "1.2.0"
              },
              {
                "fixed": "1.2.11"
              },
              {
                "introduced": "2.0.0"
              },
              {
                "fixed": "2.0.8"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.0.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.0.4"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.0.5"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.0.6"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.0.7"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.0.8"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.0.9"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.1.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.1.1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.1.2"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.1.3"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.1.4"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.1.5"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.1.6"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.1.7"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.1.8"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "1.2.0-milestone1"
              }
            ]
          },
          "events": [
            {
              "introduced": "c4c9de1b34920110f6c0e4feaf62e1d197ec872b"
            },
            {
              "fixed": "1583964bffaf14ec90641a11523bb75aef8097e3"
            },
            {
              "introduced": "973afc777d2f8093785875c62e808d97334fb2e3"
            },
            {
              "fixed": "7a012b5de2f91fc056eb8a8a14c720ea91bfaf58"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "f198eed905720cce150cafb4e2a874deee8dc016"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "8b62a2e923ab2fab44ce2538eb2c21aa5f6475b7"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "ff38cce6001be2beab8f473c10fde16fd6b630b0"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "b9bda1e152b716a0c158c4df60fadcbacc1edbff"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "92686fd8dec67102e69ea92e2d6e6dfba4bb2cd4"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "67ecd5e5ba49af8f3404308d16fc54b93723c784"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "9e63009b8f776d4a1f3ed0093e356b52e8be7fdc"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "87094b50b419964179136173e558cb8be631992f"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "e4f5338b36b683869d1aa24f1b3c3177800f2e40"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "437247062d334a4d61c6fbfddabe412c7a765be3"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "0381734dfaf6c7abc0a47d7cf53ac9870d2ee742"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "aa3ee89288a0addadddbf07664a07895423c6c20"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "d8df634720e387d5d8678d173d8d0e4cbad1b70d"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "ab5259eb5bee4235860ebdb54ff98e9e57e95d26"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "fc285bb21589439233c4fbc879cdfac302cda124"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "2836c57936c1c166a2aa14c8842f7a5832b82695"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "48b3b895c73848ffed7d9d5af3dab09b16c4d8ca"
            }
          ],
          "repo": "https://github.com/apache/syncope",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and the unsupported 1.0.x and 1.1.x releases (which may also be affected) can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution.",
  "id": "CVE-2018-1321",
  "modified": "2026-03-13T21:57:31.943415494Z",
  "published": "2018-03-20T17:29:00.267Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "http://syncope.apache.org/security.html#CVE-2018-1321:_Remote_code_execution_by_administrators_with_report_and_template_entitlements"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.securityfocus.com/bid/103508"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.exploit-db.com/exploits/45400/"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}