CVE-2020-11977

Summary

In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution.

Affected Software

VendorProductVersion RangeStatus
n/aApache SyncopeApache Syncope 2.1.X releases prior to 2.1.7affected

Weaknesses

  • Apache Syncope: Remote Code Execution via Flowable workflow definition

ADP Enrichment

CVE Program Container

Additional References

References