Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-44635

Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgrade to 1.8.1.

Published

2022-11-29T15:15:10.897

Last Modified

2025-04-25T15:15:33.310

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	fineract	< 1.8.1	Yes

References

http://www.openwall.com/lists/oss-security/2022/11/29/3 Mailing List, Third Party Advisory ([email protected])
https://lists.apache.org/thread/t8q6fmh3o6yqmy69qtqxppk9yg9wfybg Mailing List, Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2022/11/29/3 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread/t8q6fmh3o6yqmy69qtqxppk9yg9wfybg Mailing List, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)