CVE-2020-11977 - OpenCVE

In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Apache	Syncope

Configuration 1 [-]

cpe:2.3:a:apache:syncope:*:*:*:*:*:*:*:*

References

Link	Resource
https://syncope.apache.org/security#CVE-2020-11977:_Remote_Code_Execution_via_Flowable_workflow_definition	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apache

Published: 2020-09-15T19:02:51

Updated: 2020-09-15T19:02:51

Reserved: 2020-04-21T00:00:00

Link: CVE-2020-11977

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-09-15T20:15:13.040

Modified: 2020-09-24T13:42:34.213

Link: CVE-2020-11977

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "Apache Syncope", "vendor": "n/a", "versions": [{"status": "affected", "version": "Apache Syncope 2.1.X releases prior to 2.1.7"}]}], "descriptions": [{"lang": "en", "value": "In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution."}], "problemTypes": [{"descriptions": [{"description": "Apache Syncope: Remote Code Execution via Flowable workflow definition", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-09-15T19:02:51", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://syncope.apache.org/security#CVE-2020-11977:_Remote_Code_Execution_via_Flowable_workflow_definition"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2020-11977", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Syncope", "version": {"version_data": [{"version_value": "Apache Syncope 2.1.X releases prior to 2.1.7"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Apache Syncope: Remote Code Execution via Flowable workflow definition"}]}]}, "references": {"reference_data": [{"name": "https://syncope.apache.org/security#CVE-2020-11977:_Remote_Code_Execution_via_Flowable_workflow_definition", "refsource": "MISC", "url": "https://syncope.apache.org/security#CVE-2020-11977:_Remote_Code_Execution_via_Flowable_workflow_definition"}]}}}}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2020-11977", "datePublished": "2020-09-15T19:02:51", "dateReserved": "2020-04-21T00:00:00", "dateUpdated": "2020-09-15T19:02:51", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:syncope:*:*:*:*:*:*:*:*", "matchCriteriaId": "19F75F8C-F0A1-45E6-A900-24A45BE2ACD8", "versionEndExcluding": "2.1.7", "versionStartIncluding": "2.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution."}, {"lang": "es", "value": "En Apache Syncope versiones 2.1.X anteriores a 2.1.7, cuando la extensi\u00f3n Flowable est\u00e1 habilitada, un administrador con derechos de flujo de trabajo (workflow) puede usar Shell Service Tasks para llevar a cabo operaciones maliciosas, incluyendo pero sin limitarse a una lectura de archivos, una escritura de archivos y una ejecuci\u00f3n de c\u00f3digo"}], "id": "CVE-2020-11977", "lastModified": "2020-09-24T13:42:34.213", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-15T20:15:13.040", "references": [{"source": "security@apache.org", "tags": ["Vendor Advisory"], "url": "https://syncope.apache.org/security#CVE-2020-11977:_Remote_Code_Execution_via_Flowable_workflow_definition"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}