CVE-2022-44635

HIGH

Apache Fineract < 1.8.1 - Path Traversal

Title source: rule

Description

Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgrade to 1.8.1.

References (2)

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2022/11/29/3

[Mailing List, Vendor Advisory] https://lists.apache.org/thread/t8q6fmh3o6yqmy69qtqxppk9yg9wfybg

Scores

CVSS v3 8.8

EPSS 0.1297

EPSS Percentile 93.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-22

Status published

Affected Products (1)

apache/fineract < 1.8.1

Timeline

Published Nov 29, 2022

Tracked Since Feb 18, 2026