CVE-2024-23537: Apache Fineract: Under certain circumstances, this vulnerability allowed users, without specific permissions, to escalate their privileges to any r...

Description

Improper Privilege Management vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8.5.

Users are recommended to upgrade to version 1.9.0, which fixes the issue.

Classification

CVE ID: CVE-2024-23537

Affected Products

Vendor: Apache Software Foundation

Product: Apache Fineract

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.14% (probability of being exploited)

EPSS Percentile: 51.57% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-14 (date this score was calculated)

References

https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report
https://lists.apache.org/thread/fq1ns4nprw2vqpkwwj9sw45jkwxmt9f1
http://www.openwall.com/lists/oss-security/2024/03/29/1

Timeline