Lucene search
GoogleOSV:CVE-2020-11977HistorySep 15, 2020 - 8:15 p.m.
CVE-2020-11977
2020-09-1520:15:13
Google
osv.dev
5
In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution.
| CPE | Name | Operator | Version |
|---|---|---|---|
| syncope | eq | syncope-2.1.3 | |
| syncope | eq | syncope-2.1.5 | |
| syncope | eq | syncope-2.1.6 | |
| syncope | eq | syncope-2.1.4 | |
| syncope | eq | syncope-2.1.1 | |
| syncope | eq | syncope-2.1.0 | |
| syncope | eq | syncope-2.1.2 |
Related
veracode
veracode
Arbitrary Code Execution
2020-09-15 04:34:21
osv
osv
Shell command injection in Apache Syncope
2021-06-16 17:19:12
prion
prion
Remote code execution
2020-09-15 20:15:00
github
github
Shell command injection in Apache Syncope
2021-06-16 17:19:12
cvelist
cvelist
CVE-2020-11977
2020-09-15 19:02:51
nvd
nvd
CVE-2020-11977
2020-09-15 20:15:13
cve
cve
CVE-2020-11977
2020-09-15 20:15:13