Aleksandar Vidakovic

**Name of the Vulnerable Software and Affected Versions** Apache Fineract versions through 1.11.0 **Description** An authorization bypass exists in Apache Fineract due to a user-controlled key issue. This allows for potential unauthorized access. The issue is addressed in version 1.12.1, and upgrading to version 1.13.0 is recommended. **Recommendations** Upgrade to version 1.13.0 or later.

**Name of the Vulnerable Software and Affected Versions** Apache Fineract versions 1.9 and earlier **Description** A SQL injection vulnerability exists in various API endpoints, including offices and dashboards, which allows an authenticated attacker to inject malicious data into some of the query parameters of the REST API endpoints. This issue is resolved in version 1.10.1, which includes a SQL Validator to configure tests and checks against SQL queries, protecting against potential SQL injection attacks. **Recommendations** For Apache Fineract versions 1.9 and earlier, upgrade to version 1.10.1 to fix the SQL injection vulnerability. As a temporary workaround, consider restricting access to the vulnerable API endpoints until the issue is resolved.