Fineract@1.4.0 Security Vulnerabilities and Issues — Fineract@1.4.0 CVE List

Lucene search

ApacheFineract1.4.0

4 matches found

CVE•added 2025/02/12 10:15 a.m.•89 views

CVE-2024-32838

SQL Injection vulnerability in various API endpoints - offices, dashboards, etc. Apache Fineract versions 1.9 and before have a vulnerability that allows an authenticated attacker to inject malicious data into some of the REST API endpoints' query parameter. Users are recommended to upgrade to vers...

9.4CVSS7.7AI score0.00065EPSS

CVE•added 2023/03/28 12:15 p.m.•56 views

CVE-2023-25197

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation apache fineract.Authorized users may be able to exploit this for limited impact on components. This issue affects apache fineract: from 1.4 through 1.8.2.

6.3CVSS6.6AI score0.00127EPSS

CVE•added 2023/03/28 12:15 p.m.•52 views

CVE-2023-25195

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract.Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through 1.8.3.

8.1CVSS8.2AI score0.00084EPSS

CVE•added 2023/03/28 12:15 p.m.•50 views

CVE-2023-25196

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract.Authorized users may be able to change or add data in certain components. This issue affects Apache Fineract: from 1.4 through 1.8.2.

4.3CVSS5AI score0.00322EPSS