Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2020-17514

Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method. Under typical deployments, a man in the middle attack could be successful.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 79.9%
CVSS Severity
CVSS v3 Score 7.4
CVSS v2 Score 5.8
Products affected by CVE-2020-17514
  • Apache » Fineract » Version: N/A
    cpe:2.3:a:apache:fineract:-
  • Apache » Fineract » Version: 0.1.2
    cpe:2.3:a:apache:fineract:0.1.2
  • Apache » Fineract » Version: 0.3.1
    cpe:2.3:a:apache:fineract:0.3.1
  • Apache » Fineract » Version: 0.3.2
    cpe:2.3:a:apache:fineract:0.3.2
  • Apache » Fineract » Version: 0.4.0
    cpe:2.3:a:apache:fineract:0.4.0
  • Apache » Fineract » Version: 0.4.0-incubating
    cpe:2.3:a:apache:fineract:0.4.0-incubating
  • Apache » Fineract » Version: 0.5.0
    cpe:2.3:a:apache:fineract:0.5.0
  • Apache » Fineract » Version: 0.5.0-incubating
    cpe:2.3:a:apache:fineract:0.5.0-incubating
  • Apache » Fineract » Version: 0.6.0
    cpe:2.3:a:apache:fineract:0.6.0
  • Apache » Fineract » Version: 0.6.0-incubating
    cpe:2.3:a:apache:fineract:0.6.0-incubating
  • Apache » Fineract » Version: 1.0.0
    cpe:2.3:a:apache:fineract:1.0.0
  • Apache » Fineract » Version: 1.1.0
    cpe:2.3:a:apache:fineract:1.1.0
  • Apache » Fineract » Version: 1.2.0
    cpe:2.3:a:apache:fineract:1.2.0
  • Apache » Fineract » Version: 1.3.0
    cpe:2.3:a:apache:fineract:1.3.0
  • Apache » Fineract » Version: 1.4.0
    cpe:2.3:a:apache:fineract:1.4.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved