CVE-2024-23537 – Apache Fineract: Under certain circumstances, this vulnerability allowed users, without specific permissions, to escalate their privileges to any role.
https://notcve.org/view.php?id=CVE-2024-23537
Improper Privilege Management vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.9.0, which fixes the issue. • http://www.openwall.com/lists/oss-security/2024/03/29/1 • https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report • https://lists.apache.org/thread/fq1ns4nprw2vqpkwwj9sw45jkwxmt9f1 • CWE-269: Improper Privilege Management
CVE-2024-23538 – Apache Fineract: Under certain system configurations, the sqlSearch parameter was vulnerable to SQL injection attacks, potentially allowing attackers to manipulate database queries.
https://notcve.org/view.php?id=CVE-2024-23538
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue. • http://www.openwall.com/lists/oss-security/2024/03/29/2 • https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report • https://lists.apache.org/thread/by32w2dylzgbqm5940x3wj7519wolqxs • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-23539 – Apache Fineract: Under certain system configurations, the sqlSearch parameter for specific endpoints was vulnerable to SQL injection attacks, potentially allowing attackers to manipulate database queries.
https://notcve.org/view.php?id=CVE-2024-23539
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue. • http://www.openwall.com/lists/oss-security/2024/03/29/3 • https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report • https://lists.apache.org/thread/g8sv1gnjv716lx2h89jbvjdgtrrjmy7h • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')