CVE-2022-44635

CVE-2022-44635: Apache Fineract allowed an authenticated user to perform remote code execution due to path traversal

Vendor Apache Software Foundation

Product Apache Fineract

Weakness CWE-22 · Path traversal

Published November 29, 2022

Last update April 25, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgrade to 1.8.1.

Key dates

Disclosure timeline

November 29, 2022 CVE published

April 25, 2025 Record updated

Identifiers

CVE CVE-2022-44635

CWE CWE-22

Affected versions

Vendor Apache Software Foundation

Product Apache Fineract

Affected ≥ Apache Fineract 1.8 and ≤ 1.8.0

Vendor Apache Software Foundation

Product Apache Fineract

Affected ≥ Apache Fineract 1.7 and ≤ 1.7.0