ID: CVE-2022-44635

Last Modified: Dec. 1, 2022

Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgrade to 1.8.1.

Twitter Activity

Tweets last week: 0

Remaining steady

Yahoo Activity

Yahoo results: 322000000

Remaining steady

EPSS History

Current EPSS Score: 0.22009

Remaining steady


Reddit Activity

Reddit Posts: 1

Remaining steady

Github Repos

Github Repos: 1

Remaining steady

Exploits

Found exploits:

Attack Vector: Network

Attack Complexity: Low

Privileges Required: Low

User Interaction: None

Scope: Unchanged

Confidentiality: High

Integrity: High

Availability: High

Base Score: 8.8

Exploitability Score: 2.8

Impact Score: 5.9

CVSS V3: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Specialize CVSS-Score

CWE-22

Condition Configuration
OR
OR
Alle Schwachstellen für apache
Date: Nov. 29, 2022

Reference:
added:
http://www.openwall.com/lists/oss-security/2022/11/29/3



Date: Dec. 1, 2022

Base Score V3: Not defined
Exploitability Score V3: Not defined
Impact Score V3: Not defined
Cvss Vector V3: Not defined
Configuration:
added:
cpe:2.3:a:apache:fineract:*:*:*:*:*:*:*:*



                    <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="application" value="cpe:2.3:a:apache:fineract:*:*:*:*:*:*:*:*"/>
    </set>
</set>

                  
                      <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="application" value="cpe:2.3:a:apache:fineract:*:*:*:*:*:*:*:*"/>
    </set>
    <prop key="program_influence" value="input"/>
</set>