Home > Vulnerability Database > CVE-2023-25195

Mend.io Vulnerability Database

CVE-2023-25195

Good to know:

Date: March 28, 2023

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through 1.8.3.

Language: Java

Severity Score

8.1

Related Resources (5)

Url: https://lists.apache.org/thread/m58fdjmtkfp9h4c0r4l48rv995w3qhb6

Url: https://github.com/apache/fineract/commit/3919a664d83e7356e37e059ace8b3909c74eed96

Url: https://seclists.org/oss-sec/2023/q1/194

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-25195

Url: https://www.mend.io/vulnerability-database/CVE-2023-25195

Severity Score

8.1

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

Upgrade Version

Upgrade to version 1.7.3,1.8.4

Learn More

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-25195

Good to know:

Date: March 28, 2023

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?