
CVE-2024-23539: Apache Fineract: Under certain system configurations, the sqlSearch parameter for specific endpoints was vulnerable to SQL injection attacks, poten...

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8.5.

Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.

Classification

CVE ID: CVE-2024-23539

Affected Products

Vendor: Apache Software Foundation

Product: Apache Fineract

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.98% (probability of being exploited)

EPSS Percentile: 83.7% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-14 (date this score was calculated)

References

https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report
https://lists.apache.org/thread/g8sv1gnjv716lx2h89jbvjdgtrrjmy7h
http://www.openwall.com/lists/oss-security/2024/03/29/3

Timeline