Vulnerabilities > Apache > Syncope > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-15 | CVE-2020-11977 | Unspecified vulnerability in Apache Syncope In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution. | 7.2 |
| 2018-11-06 | CVE-2018-17186 | XXE vulnerability in Apache Syncope An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution. | 7.2 |
| 2018-03-20 | CVE-2018-1321 | Improper Input Validation vulnerability in Apache Syncope An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution. | 7.2 |