CVE-2020-11977

Published: Sep 15, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution.

Vendor	Product	Versions
n/a	Apache Syncope	affected `Apache Syncope 2.1.X releases prior to 2.1.7`

References

https://syncope.apache.org/security#CVE-2020-11977:_Remote_Code_Execution_via_Flowable_workflow_definition

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-11977

Description

Affected Products

References