CVE-2024-23538

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

Low

Affected products

Apache Software Foundation / Apache Fineract0 – 1.8.5

References

MISChttps://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report
MAILING_LISThttps://lists.apache.org/thread/by32w2dylzgbqm5940x3wj7519wolqxs
MAILING_LISThttp://www.openwall.com/lists/oss-security/2024/03/29/2