Vulnerabilities > CVE-2020-11977 - Unspecified vulnerability in Apache Syncope
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE network
apache
Summary
In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 7 |