Main Vulnerability Database Vulnerabilities #VU46695

#VU46695 Permissions, Privileges, and Access Controls in Apache Syncope - CVE-2020-11977

Published: September 14, 2020

Vulnerability identifier: #VU46695

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-11977

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Apache Syncope

Software vendor:
Apache Foundation

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions within the Flowable extension, which leads to possibility of scheduling Shell Service Tasks. A remote authenticated application administrator can read and write files and execute arbitrary code on the system.

Remediation

Install updates from vendor's website.

External links

http://seclists.org/oss-sec/2020/q3/172

#VU46695 Permissions, Privileges, and Access Controls in Apache Syncope - CVE-2020-11977

Description

Remediation

External links

Please verify you're human