10 matches found

CVE
added 2024/03/29 2:37 p.m., 78 views

CVE-2024-23538

CVE-2024-23538 concerns Apache Fineract prior to version 1.8.5, where an SQL Injection can be triggered by improper neutralization in the sqlSearch parameter. The vulnerability stems from unsafely constructed SQL statements, enabling an attacker to view, modify, or delete data in the backend data...

CVSS 9.9, AI score 9.9, EPSS 0.01291
CVE
added 2022/11/29 12:0 a.m., 67 views

CVE-2022-44635

CVE-2022-44635 affects Apache Fineract up to version 1.8.0. A path traversal vulnerability in the file upload component allows an authenticated user to trigger remote code execution. Impact and exploitability details indicate a network-remote condition with high risk (authenticated with low privi...

CVSS 8.8, AI score 9, EPSS 0.68802
CVE
added 2024/03/29 2:36 p.m., 67 views

CVE-2024-23539

CVE-2024-23539 affects Apache Fineract up to version 1.8.5 (pre-1.8.5). The issue is an SQL Injection vulnerability arising from improper neutralization of special elements in the sqlSearch parameter of specific endpoints, enabling an attacker to view, add, modify, or delete information in the ba...

CVSS 9.8, AI score 9.3, EPSS 0.01494
CVE
added 2024/03/29 2:38 p.m., 63 views

CVE-2024-23537

CVE-2024-23537 is an elevation-of-privilege vulnerability in Apache Fineract. Reports describe an improper privilege management issue that, under certain circumstances, could allow users to escalate to any role. Affected versions are listed as earlier than 1.9.0, with 1.9.0 identified as the fix...

CVSS 8.8, AI score 8.6, EPSS 0.01104
CVE
added 2019/06/11 4:42 p.m., 59 views

CVE-2018-11800

CVE-2018-11800 affects Apache Fineract prior to 1.3.0, enabling SQL injection through a query on the GroupSummaryCounts related table. CVSSv3 base score 9.8 (CRITICAL); CVSSv2 base score 7.5 (HIGH).

CVSS 9.8, AI score 9.8, EPSS 0.05217
CVE
added 2019/06/11 4:43 p.m., 52 views

CVE-2018-11801

CVE-2018-11801 pertains to Apache Fineract and is a SQL injection vulnerability present in versions before 1.3.0, allowing an attacker to execute arbitrary SQL commands via a query on a center-related table. The issue is documented across multiple sources (NVD entry and CNVD/OSV entries) with con...

CVSS 9.8, AI score 9.8, EPSS 0.05217
CVE
added 2021/05/27 12:10 p.m., 48 views

CVE-2020-17514

Apache Fineract up to version 1.5.0 disables HTTPS hostname verification in ProcessorHelper.configureClient, enabling potential MITM if hostname checks are not performed. This affects the client-communication security path and is documented across multiple sources (e.g., RH security pages and CVE...

CVSS 7.4, AI score 7.3, EPSS 0.03401
CVE
added 2025/12/12 9:18 a.m., 24 views

CVE-2025-23408

CVE-2025-23408 concerns Apache Fineract and is described as a Weak Password Requirements vulnerability. Affected versions are listed as through 1.10.1, with a fix in 1.11.0. Upgrading to the latest release (1.13.0) is advised. The root cause is a weak password policy that could undermine authenti...

CVSS 8.5, AI score 6.5, EPSS 0.0044
CVE
added 2025/12/12 9:21 a.m., 14 views

CVE-2025-58137

CVE-2025-58137 describes an Authorization Bypass via a User-Controlled Key in Apache Fineract (IDOR). Affected product: Apache Fineract up to 1.11.0; fixed in 1.12.1, with guidance to upgrade to 1.13.0. Root cause per CNVD: insecure direct object reference (IDOR) leading to authorization bypass. ...

CVSS 8.1, AI score 6.6, EPSS 0.00333
CVE
added 2025/12/12 9:20 a.m., 13 views

CVE-2025-58130

Apache Fineract is affected by an Insufficiently Protected Credentials vulnerability up to version 1.11.0. The issue is fixed in 1.12.1, and users are advised to upgrade to 1.13.0 (latest release). The primary public details indicate credential exposure risk but do not describe specific exploitat...

CVSS 9.1, AI score 6.5, EPSS 0.00366