CVE-2022-44635 Vulnerability Details

  /     /     /  

CVE-2022-44635 Metadata Quick Info

CVE Published: 29/11/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: apache | Vendor: Apache Software Foundation | Product: Apache Fineract
Status : PUBLISHED

---

CVE-2022-44635 Description

Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgrade to 1.8.1.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-22
CWE Name: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ( Path Traversal )
Source: Apache Software Foundation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).