CVE-2022-44635

Apache Fineract allowed an authenticated user to perform remote code execution due to path traversal

CVSS 8.8 HIGHEPSS 68.8%CWE-22

Vexday Risk Score

33Attention

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.8EPSS 68.8%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

29 Nov 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgrade to 1.8.1.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Apache Software Foundation · Apache Fineract

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://lists.apache.org/thread/t8q6fmh3o6yqmy69qtqxppk9yg9wfybg http://www.openwall.com/lists/oss-security/2022/11/29/3