CVE-2020-11977 – In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, a …

15 September 2020

Vuln ID: CVE-2020-11977

Published: 2020-09-15 20:15:13Z

Description: In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution.

Source: NVD.NIST.GOV

Date:

15 September 2020

Categorie(s):

NVD

Tag(s):

NVD

Win 95, LastPass, Kubernetes, Sandworm, Bloomtech, Frontier, 911, Aaran Leyland… – SWN #37919 April 2024
5.3M World-Check records may be leaked; how to check your records19 April 2024
Sacramento airport goes no-fly after AT&T internet cable snipped19 April 2024
Active adversary report: Ransomware hit a ceiling, but security teams at risk for more pain19 April 2024
Akira takes in $42 million in ransom payments, now targets Linux servers19 April 2024