CVE-2020-11977

In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution.

CVSS v3 7.2 HIGH
CVSS v2.0 8.5 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

8.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:S/C:C/I:C/A:C

Exploitability : 6.8 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://syncope.apache.org/security#CVE-2020-11977:_Remote_Code_Execution_via_Flowable_workflow_definition	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:syncope:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-09-15 20:15

Updated : 2024-02-04 21:00

NVD link : CVE-2020-11977

Mitre link : CVE-2020-11977

CVE.ORG link : CVE-2020-11977

JSON object : View

Products Affected

apache

syncope

CWE

NVD-CWE-noinfo

{"id": "CVE-2020-11977", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 8.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2020-09-15T20:15:13.040", "references": [{"url": "https://syncope.apache.org/security#CVE-2020-11977:_Remote_Code_Execution_via_Flowable_workflow_definition", "tags": ["Vendor Advisory"], "source": "security@apache.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution."}, {"lang": "es", "value": "En Apache Syncope versiones 2.1.X anteriores a 2.1.7, cuando la extensi\u00f3n Flowable est\u00e1 habilitada, un administrador con derechos de flujo de trabajo (workflow) puede usar Shell Service Tasks para llevar a cabo operaciones maliciosas, incluyendo pero sin limitarse a una lectura de archivos, una escritura de archivos y una ejecuci\u00f3n de c\u00f3digo"}], "lastModified": "2020-09-24T13:42:34.213", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:syncope:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19F75F8C-F0A1-45E6-A900-24A45BE2ACD8", "versionEndExcluding": "2.1.7", "versionStartIncluding": "2.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}