CVE-2024-23538

Опубликовано: 29 мар. 2024

Источник: nvd

CVSS3: 9.9

CVSS3: 9.8

EPSS Низкий

Описание

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5.

Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.

Ссылки

http://www.openwall.com/lists/oss-security/2024/03/29/2
Mailing List
https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report
Vendor Advisory
https://lists.apache.org/thread/by32w2dylzgbqm5940x3wj7519wolqxs
Mailing List
Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/03/29/2
Mailing List
https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report
Vendor Advisory
https://lists.apache.org/thread/by32w2dylzgbqm5940x3wj7519wolqxs
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:fineract:*:*:*:*:*:*:*:*

Версия до 1.9.0 (исключая)

EPSS

Процентиль: 49%

0.00257

Низкий

9.9 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-x73g-5x4f-9mqr

CVSS3: 9.9

github

почти 2 года назад

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.

EPSS

Процентиль: 49%

0.00257

Низкий

9.9 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-89