CVE-2024-23538

moderate-risk
Published 2024-03-29

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.

Do I need to act?

-
0.26% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: 5d96e8cc32ff63f97d5ac15e19c6fafee0c31357
9
CVSS 9.9/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Apache

References (6)

Mailing List http://www.openwall.com/lists/oss-security/2024/03/29/2
Vendor Advisory https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Re...
Mailing List https://lists.apache.org/thread/by32w2dylzgbqm5940x3wj7519wolqxs
Mailing List http://www.openwall.com/lists/oss-security/2024/03/29/2
Vendor Advisory https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Re...
Mailing List https://lists.apache.org/thread/by32w2dylzgbqm5940x3wj7519wolqxs
39
/ 100
moderate-risk
Severity 33/34 · Critical
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal