8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
33.2%
Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgrade to 1.8.1.
CPE | Name | Operator | Version |
---|---|---|---|
apache:fineract | apache fineract | lt | 1.8.1 |
[
{
"vendor": "Apache Software Foundation",
"product": "Apache Fineract",
"versions": [
{
"version": "Apache Fineract 1.8",
"status": "affected",
"lessThanOrEqual": "1.8.0",
"versionType": "custom"
},
{
"version": "Apache Fineract 1.7",
"status": "affected",
"lessThanOrEqual": "1.7.0",
"versionType": "custom"
}
]
}
]
More
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
33.2%