Apache Fineract before 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method. Under typical deployments, a man in the middle attack could be successful.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache fineract |