PT-2021-10093 · Apache · Apache Fineract

Simon Gerst

Published

2021-05-27

Updated

2021-06-07

CVE-2020-17514

CVSS v3.1

7.4

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Apache Fineract versions prior to 1.5.0

Description: The issue allows for a man-in-the-middle attack due to the disabling of HTTPS hostname verification in the configureClient method of ProcessorHelper. This could be successful under typical deployments.

Recommendations: For versions prior to 1.5.0, update to version 1.5.0 or later to enable HTTPS hostname verification and prevent man-in-the-middle attacks.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-17514

Affected Products

Apache Fineract

PT-2021-10093 · Apache · Apache Fineract

CVE-2020-17514

Related Identifiers

Affected Products

References · 5