Apache Fineract Vulnerabilities

Apache Fineract is a powerful platform poised to make a significant impact in the world of digital financial services. Apache Fineract is not immune to security vulnerabilities.

Recently, three vulnerabilities have been identified in Apache Fineract – CVE-2023-25195, CVE-2023-25196, and CVE-2023-25197 – that could potentially allow attackers to gain access to sensitive data or take control of systems.

SQL Injection Vulnerability in Certain Procedure Calls

This vulnerability tracked as CVE-2023-25197, stems from the improper neutralization of special elements used in SQL commands. As a result, authorized users could potentially exploit this vulnerability to have a limited impact on certain components within the Apache Fineract system. This vulnerability has a moderate severity and affects versions 1.4 through 1.8.2 of Apache Fineract.

SQL Injection Vulnerability in Apache Fineract

This vulnerability tracked as CVE-2023-25196, also involves improper neutralization of special elements used in SQL commands. However, in this case, authorized users could potentially exploit the vulnerability to change or add data in certain components within the Apache Fineract system, which makes this vulnerability more severe than CVE-2023-25197. This vulnerability affects versions 1.4 through 1.8.2 of Apache Fineract.

SSRF Template Type Vulnerability in Certain Authenticated Users

This vulnerability tracked as CVE-2023-25195 involves a Server-Side Request Forgery (SSRF) issue in Apache Fineract. Authorized users with limited permissions could potentially exploit this vulnerability to gain access to the server and use it for any outbound traffic. This vulnerability affects versions 1.4 through 1.8.3 of Apache Fineract.