CVE-2024-23539

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

High

Affected products

Apache Software Foundation / Apache Fineract0 – 1.8.4

References

MISChttps://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report
MAILING_LISThttps://lists.apache.org/thread/g8sv1gnjv716lx2h89jbvjdgtrrjmy7h
MAILING_LISThttp://www.openwall.com/lists/oss-security/2024/03/29/3