4 matches found
CVE-2020-17514
Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method. Under typical deployments, a man in the middle attack could be successful...
CVE-2020-17514
Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method. Under typical deployments, a man in the middle attack could be successful...
CVE-2020-17514 disabled hostname verificiation
Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method. Under typical deployments, a man in the middle attack could be successful...
CVE-2020-17514
Apache Fineract up to version 1.5.0 disables HTTPS hostname verification in ProcessorHelper.configureClient, enabling potential MITM if hostname checks are not performed. This affects the client-communication security path and is documented across multiple sources (e.g., RH security pages and CVE...