CVE-2022-44635

Apache Fineract allowed an authenticated user to perform remote code execution due to path traversal

CVSS 8.8 HIGHEPSS 68.8%CWE-22

Vexday Risk Score

33Atenção

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.8EPSS 68.8%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

29 nov 2022Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgrade to 1.8.1.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

Apache Software Foundation · Apache Fineract

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://lists.apache.org/thread/t8q6fmh3o6yqmy69qtqxppk9yg9wfybg http://www.openwall.com/lists/oss-security/2022/11/29/3