CVE-2020-11977

Name of the Vulnerable Software and Affected Versions Apache Syncope versions prior to 2.1.7

Description The issue allows an administrator with workflow entitlements to perform malicious operations when the Flowable extension is enabled. This can include file read, file write, and code execution using Shell Service Tasks.

Recommendations For versions prior to 2.1.7, update to version 2.1.7 or later to resolve the issue. As a temporary workaround, consider disabling the Flowable extension until a patch is available. Restrict access to Shell Service Tasks to minimize the risk of exploitation.