What is CVE-2022-44635?

CVE-2022-44635 is a vulnerability in Apache Software Foundation Fineract, classified under Path Traversal. Published 2022-11-29.

Is CVE-2022-44635 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Apache Software Foundation Fineract

CVE-2022-44635

Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.688 (99.3th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Fineract — versions Apache Fineract 1.8, Apache Fineract 1.7

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

ARPSyndicate/cvemon
fkie-cad/nvd-json-data-feeds
k0imet/pyfetch

References

lists.apache.org/thread/t8q6fmh3o6yqmy69qtqxppk9yg9wfybg
[oss-security] 20221129 CVE-2022-44635: Apache Fineract allowed an authenticated user to perform remote code execution due to path traversal (mailing-list)

Frequently asked questions

What is CVE-2022-44635?: CVE-2022-44635 is a vulnerability in Apache Software Foundation Fineract, classified under Path Traversal. Published 2022-11-29.
Is CVE-2022-44635 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.