Lucene search
ApacheCVELIST:CVE-2024-23537HistoryMar 29, 2024 - 2:38 p.m.
CVE-2024-23537 Apache Fineract: Under certain circumstances, this vulnerability allowed users, without specific permissions, to escalate their privileges to any role.
2024-03-2914:38:05
CWE-269
apache
www.cve.org
apache fineract
privilege escalation
vulnerability
upgrade
8.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
8.6 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%
Improper Privilege Management vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5.
Users are recommended to upgrade to version 1.9.0, which fixes the issue.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache Fineract",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "1.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
cnvd
cnvd
Apache Fineract Elevation of Privilege Vulnerability
2024-04-02 00:00:00
cve
cve
CVE-2024-23537
2024-03-29 15:15:10
nvd
nvd
CVE-2024-23537
2024-03-29 15:15:10
8.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
8.6 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%
Related for CVELIST:CVE-2024-23537