Vulnerability Details CVE-2020-11977
In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.0%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 8.5
References
Products affected by CVE-2020-11977
-
cpe:2.3:a:apache:syncope:2.1.0
-
cpe:2.3:a:apache:syncope:2.1.1
-
cpe:2.3:a:apache:syncope:2.1.2
-
cpe:2.3:a:apache:syncope:2.1.3
-
cpe:2.3:a:apache:syncope:2.1.4
-
cpe:2.3:a:apache:syncope:2.1.5
-
cpe:2.3:a:apache:syncope:2.1.6