[CVE-2020-11977] Apache Syncope: Remote Code Execution via Flowable workflow definition

[Francesco Chicchiriccò <ilgrosso () apache org>]

Description:
When the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to 
perform malicious operations, including but not limited to file read, file write, and code execution.

Severity: Low

Vendor: The Apache Software Foundation

Affects:
2.1.X releases prior to 2.1.7

Solution:
2.1.X users: upgrade to 2.1.7

Credit:
This issue was discovered by ch0wn of Orz Lab.