In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-08-04T11:48:57.570Z

Reserved: 2020-04-21T00:00:00

Link: CVE-2020-11977

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-09-15T20:15:13.040

Modified: 2024-11-21T04:59:01.910

Link: CVE-2020-11977

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.