CVE-2022-44635
HIGH
Apache Fineract < 1.8.1 - Authenticated Remote Code Execution via Path Traversal in File Upload
Title source: llm
Description
Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in its file upload component. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend that users upgrade to 1.8.1.
References (2)
Core References
Mailing List, Vendor Advisory
https://lists.apache.org/thread/t8q6fmh3o6yqmy69qtqxppk9yg9wfybg
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2022/11/29/3
Scores
CVSS v3
8.8
EPSS
0.1297
EPSS Percentile
94.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-22
Status
published
Products (1)
apache/fineract
< 1.8.1
Published
Nov 29, 2022
Tracked Since
Feb 18, 2026