Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fineract vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-20243
The implementation of POST with the username and password in the URL parameters exposed the credentials. More infomration is available in fineract jira issues 726 and 629.
Apache Fineract 0.4.0
Apache Fineract 0.5.0
Apache Fineract 0.6.0
Apache Fineract
6.5
CVSSv2
CVE-2018-1289
In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' and 'sortOrder' which are appended directly with SQL statem...
Apache Fineract 0.4.0
Apache Fineract 0.5.0
Apache Fineract 0.6.0
Apache Fineract 1.0.0
7.5
CVSSv2
CVE-2018-1290
In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, Using a single quotation escape with two continuous SQL parameters can cause a SQL injection. This could be done in Methods like retrieveAuditEntries of AuditsApiResource Class and retrieveCo...
Apache Fineract 0.4.0
Apache Fineract 0.5.0
Apache Fineract 0.6.0
Apache Fineract 1.0.0
5.5
CVSSv2
CVE-2018-1292
Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL to read/update data for which he doesn't have authorization for by way of the 'reportName' parameter.
Apache Fineract 0.4.0
Apache Fineract 0.5.0
Apache Fineract 0.6.0
Apache Fineract 1.0.0
5.5
CVSSv2
CVE-2018-1291
Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' which are appended directly with SQL statements. A hacker/user can inject/draft the 'ord...
Apache Fineract 0.4.0
Apache Fineract 0.5.0
Apache Fineract 0.6.0
Apache Fineract 1.0.0
6.5
CVSSv2
CVE-2017-5663
In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endpoints is not sanitiz...
Apache Fineract 0.4.0-incubating
Apache Fineract 0.5.0-incubating
Apache Fineract 0.6.0-incubating
5.8
CVSSv2
CVE-2020-17514
Apache Fineract before 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method. Under typical deployments, a man in the middle attack could be successful.
Apache Fineract
7.5
CVSSv2
CVE-2018-11801
SQL injection vulnerability in Apache Fineract prior to 1.3.0 allows malicious users to execute arbitrary SQL commands via a query on a m_center data related table.
Apache Fineract
7.5
CVSSv2
CVE-2018-11800
SQL injection vulnerability in Apache Fineract prior to 1.3.0 allows malicious users to execute arbitrary SQL commands via a query on the GroupSummaryCounts related table.
Apache Fineract
NA
CVE-2023-25195
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic. This issue affects Apache Fineract: from 1.4 up to and inclu...
Apache Fineract
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400
CVE-2023-7252
CVE-2024-21111
denial of service
CVE-2024-29661
CVE-2024-22856
remote attackers
encryption
CVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »