Lucene search
K

4 matches found

F5 Networks
F5 Networks
added 2023/02/21 7:0 p.m.30 views

K21536299: Apache Fineract vulnerabilities CVE-2018-1289, CVE-2018-1290, and CVE-2018-1292

Security Advisory Description CVE-2018-1289 In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' and 'sortOrder' which are appended directly with SQL...

9.8CVSS8.5AI score0.03418EPSS
Exploits0
NVD
NVD
added 2018/04/20 6:29 p.m.19 views

CVE-2018-1289

In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' and 'sortOrder' which are appended directly with SQL statements. A hacker/user can inject/draft...

8.8CVSS8.8AI score0.02673EPSS
Exploits0References2
CVE
CVE
added 2018/04/20 6:0 p.m.52 views

CVE-2018-1289

Summary: CVE-2018-1289 affects Apache Fineract up to 1.0.0 and older 0.x-incubating releases. The vulnerability arises because REST endpoints expose domain entities with query parameters orderBy and sortOrder that are appended directly into SQL statements. This allows a hacker to craft the parame...

8.8CVSS8.8AI score0.02673EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/04/20 6:0 p.m.24 views

CVE-2018-1289

In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' and 'sortOrder' which are appended directly with SQL statements. A hacker/user can inject/draft...

8.8AI score0.02673EPSS
Exploits0References2
Rows per page
Query Builder