Lucene search
+L

177 matches found

Cvelist
Cvelist
added 2024/03/29 2:38 p.m.20 views

CVE-2024-23537 Apache Fineract: Under certain circumstances, this vulnerability allowed users, without specific permissions, to escalate their privileges to any role.

Improper Privilege Management vulnerability in Apache Fineract.This issue affects Apache Fineract: 1.8.5. Users are recommended to upgrade to version 1.9.0, which fixes the issue...

8.4CVSS8.6AI score0.01104EPSS
Exploits0References3
CVE
CVE
added 2024/03/29 2:38 p.m.73 views

CVE-2024-23537

CVE-2024-23537 is an elevation-of-privilege vulnerability in Apache Fineract . Reports describe an improper privilege management issue that, under certain circumstances, could allow users to escalate to any role. Affected versions are listed as earlier than 1.9.0, with 1.9.0 identified as the fix...

8.8CVSS8.6AI score0.01104EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/03/29 2:38 p.m.6 views

CVE-2024-23537 Apache Fineract: Under certain circumstances, this vulnerability allowed users, without specific permissions, to escalate their privileges to any role.

Improper Privilege Management vulnerability in Apache Fineract.This issue affects Apache Fineract: 1.8.5. Users are recommended to upgrade to version 1.9.0, which fixes the issue...

8.4CVSS5.9AI score0.01104EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/03/29 2:37 p.m.19 views

CVE-2024-23538 Apache Fineract: Under certain system configurations, the sqlSearch parameter was vulnerable to SQL injection attacks, potentially allowing attackers to manipulate database queries.

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Fineract.This issue affects Apache Fineract: 1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue...

9.9CVSS10AI score0.01291EPSS
Exploits0References3
CVE
CVE
added 2024/03/29 2:37 p.m.83 views

CVE-2024-23538

CVE-2024-23538 concerns Apache Fineract prior to version 1.8.5, where an SQL Injection can be triggered by improper neutralization in the sqlSearch parameter. The vulnerability stems from unsafely constructed SQL statements, enabling an attacker to view, modify, or delete data in the backend data...

9.9CVSS9.9AI score0.01291EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/29 2:37 p.m.12 views

CVE-2024-23538 Apache Fineract: Under certain system configurations, the sqlSearch parameter was vulnerable to SQL injection attacks, potentially allowing attackers to manipulate database queries.

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Fineract.This issue affects Apache Fineract: 1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue...

9.9CVSS7.6AI score0.01291EPSS
Exploits0References3
OSV
OSV
added 2024/03/29 2:37 p.m.7 views

CVE-2024-23538 Apache Fineract: Under certain system configurations, the sqlSearch parameter was vulnerable to SQL injection attacks, potentially allowing attackers to manipulate database queries.

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Fineract.This issue affects Apache Fineract: 1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue...

9.9CVSS6AI score0.01291EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/03/29 2:36 p.m.19 views

CVE-2024-23539 Apache Fineract: Under certain system configurations, the sqlSearch parameter for specific endpoints was vulnerable to SQL injection attacks, potentially allowing attackers to manipulate database queries.

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Fineract.This issue affects Apache Fineract: 1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue...

8.3CVSS8.8AI score0.01494EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/03/29 2:36 p.m.19 views

CVE-2024-23539 Apache Fineract: Under certain system configurations, the sqlSearch parameter for specific endpoints was vulnerable to SQL injection attacks, potentially allowing attackers to manipulate database queries.

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Fineract.This issue affects Apache Fineract: 1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue...

8.3CVSS7.6AI score0.01494EPSS
Exploits0References3
CVE
CVE
added 2024/03/29 2:36 p.m.72 views

CVE-2024-23539

CVE-2024-23539 affects Apache Fineract up to version 1.8.5 (pre-1.8.5). The issue is an SQL Injection vulnerability arising from improper neutralization of special elements in the sqlSearch parameter of specific endpoints, enabling an attacker to view, add, modify, or delete information in the ba...

9.8CVSS9.3AI score0.01494EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/03/29 2:36 p.m.8 views

CVE-2024-23539 Apache Fineract: Under certain system configurations, the sqlSearch parameter for specific endpoints was vulnerable to SQL injection attacks, potentially allowing attackers to manipulate database queries.

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Fineract.This issue affects Apache Fineract: 1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue...

8.3CVSS6AI score0.01494EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/03/29 12:0 a.m.6 views

Apache Fineract SQL注入漏洞

Apache Fineract is a set of open source digital financial services platform from the U.S. Apache Apache Foundation. The platform can provide users with data management, loan and savings portfolio management and real-time financial data and other functions. Apache Fineract versions prior to 1.8.5...

9.9CVSS7.6AI score0.01291EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/03/29 12:0 a.m.7 views

Apache Fineract SQL注入漏洞

Apache Fineract is a set of open source digital financial services platform from the U.S. Apache Apache Foundation. The platform can provide users with data management, loan and savings portfolio management and real-time financial data and other functions. Apache Fineract versions prior to 1.8.5...

9.8CVSS7.6AI score0.01494EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/03/29 12:0 a.m.7 views

PT-2024-19927 · Apache · Apache Fineract

Name of the Vulnerable Software and Affected Versions: Apache Fineract versions prior to 1.8.5 Apache Fineract version 1.9.0 is the fixed version, so all versions prior to 1.9.0 are affected, but since 1.8.5 is the last affected version, the correct statement is: Apache Fineract versions prior to...

8.8CVSS6.8AI score0.01104EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/03/29 12:0 a.m.6 views

PT-2024-19928 · Apache · Apache Fineract

Name of the Vulnerable Software and Affected Versions: Apache Fineract versions prior to 1.8.5 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation. Users are advised t...

9.9CVSS8.4AI score0.01291EPSS
Exploits0References9
CNNVD
CNNVD
added 2024/03/29 12:0 a.m.6 views

Apache Fineract 安全漏洞

Apache Fineract is a set of open source digital financial services platform from the U.S. Apache Apache Foundation. The platform can provide users with data management, loan and savings portfolio management and real-time financial data and other functions. Apache Fineract suffers from an elevatio...

8.8CVSS7.2AI score0.01104EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2023/04/02 12:0 a.m.10 views

The vulnerability of the Apache Fineract digital financial services platform, related to the lack of protection for the SQL query structure, allows attackers to gain access to read, modify, or delete data.

The vulnerability of the Apache Fineract digital financial services platform relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to gain read, modify, or delete access to data...

8.9CVSS5.6AI score0.01297EPSS
Exploits0References5Affected Software1
CNVD
CNVD
added 2023/03/30 12:0 a.m.25 views

Apache Fineract SQL Injection Vulnerability (CNVD-2023-23557)

Apache Fineract is an open source digital financial services platform from the Apache Foundation. The platform can provide users with data management, loan and savings portfolio management and real-time financial data and other features. Apache Fineract versions 1.4 to 1.8.3 have a SQL injection...

6.3CVSS7AI score0.01055EPSS
Exploits0References1
CNVD
CNVD
added 2023/03/30 12:0 a.m.49 views

Apache Fineract Server Request Forgery Vulnerability

Apache Fineract is an open source system for platformizing core banking systems. A reliable, robust and affordable financial services solution for entrepreneurs, financial institutions and service providers. A server-side request forgery vulnerability exists in Apache Fineract versions 1.4 throug...

8.1CVSS8AI score0.00982EPSS
Exploits0References1
NVD
NVD
added 2023/03/28 12:15 p.m.21 views

CVE-2023-25195

Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through 1.8.3...

8.1CVSS8.2AI score0.00982EPSS
Exploits0References1
Rows per page
Query Builder