CVE-2022-44635

Apache Fineract allowed an authenticated user to perform remote code execution due to path traversal

CVSS 8.8 HIGHEPSS 68.8%CWE-22

Vexday Risk Score

33Atención

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 8.8EPSS 68.8%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

29 nov 2022Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgrade to 1.8.1.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Productos afectados

Apache Software Foundation · Apache Fineract

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://lists.apache.org/thread/t8q6fmh3o6yqmy69qtqxppk9yg9wfybg http://www.openwall.com/lists/oss-security/2022/11/29/3