Apache Fineract is an open-source, Java-based core banking and financial services platform. The vulnerability is a weak password policy: affected versions accept user passwords that do not meet a reasonable length or complexity standard, so an attacker who can reach the login endpoint can guess or brute-force credentials and gain unauthorized access to sensitive customer and financial data.
Apache Fineract versions 1.0.0 through 1.10.1 are affected. To locate installed copies, search for the application jar: find / -name "fineract-*.jar" 2>/dev/null
The version is normally part of the jar filename. Confirm it against the version the running service reports, since a stale jar on disk is not proof of what is actually deployed.
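The following script is an added example, not code from the Apache Fineract project or from this advisory. It turns the find command above into a check that extracts the version from each jar filename and compares it against the affected range 1.0.0 through 1.10.1. It assumes jars are named fineract-<module>-<version>.jar (a -SNAPSHOT suffix is tolerated and treated as the base version); the demo at the bottom runs against constructed empty files in a temporary directory rather than a real installation.

```shell
#!/bin/sh
# Added example (not Apache Fineract project code): flag Fineract jars whose
# version falls in the affected range 1.0.0 .. 1.10.1 inclusive.

# vercmp A B : prints -1, 0 or 1 for A<B, A=B, A>B (three numeric components,
# missing components count as 0).
vercmp() {
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s\n' "$1" | cut -d. -f"$i")
        y=$(printf '%s\n' "$2" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then echo -1; return; fi
        if [ "$x" -gt "$y" ]; then echo 1; return; fi
        i=$((i + 1))
    done
    echo 0
}

# fineract_affected VERSION : prints "affected" or "not-affected" for the
# range given in the advisory (1.0.0 through 1.10.1).
fineract_affected() {
    v=$1
    if [ "$(vercmp "$v" 1.0.0)" -ge 0 ] && [ "$(vercmp "$v" 1.10.1)" -le 0 ]; then
        echo affected
    else
        echo not-affected
    fi
}

# version_from_jar PATH : extracts x.y.z from a filename such as
# fineract-provider-1.10.1.jar or fineract-provider-1.10.1-SNAPSHOT.jar.
# Prints nothing if the name does not carry a recognisable version.
version_from_jar() {
    basename "$1" | sed -n 's/^fineract.*-\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*\.jar$/\1/p'
}

# scan_fineract_jars [ROOT] : runs the advisory's find command under ROOT
# (default /) and reports each jar with its verdict.
scan_fineract_jars() {
    root=${1:-/}
    find "$root" -name 'fineract-*.jar' 2>/dev/null | while IFS= read -r jar; do
        ver=$(version_from_jar "$jar")
        if [ -z "$ver" ]; then
            printf '%s: version not recognised from filename, inspect manually\n' "$jar"
        else
            printf '%s: version %s is %s\n' "$jar" "$ver" "$(fineract_affected "$ver")"
        fi
    done
}

# Demo on constructed sample files (empty placeholders, not real Fineract jars).
demo_dir=$(mktemp -d)
: > "$demo_dir/fineract-provider-1.10.1.jar"
: > "$demo_dir/fineract-provider-1.11.0.jar"
scan_fineract_jars "$demo_dir"
rm -rf "$demo_dir"
```

To check a real host, call scan_fineract_jars with no argument (or with the directory your deployment lives under) instead of the demo block. Treat the result as a first pass only: a jar name tells you what was shipped, not what is running, so confirm against the version the live service reports before closing the finding.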
Note: This is a vulnerability in Fineract's own password policy, not in a bundled library or in the surrounding stack (database, JVM, reverse proxy). Advisories for those components do not cover it, and patching them does not address it.
Upgrade to version 1.11.0 or later from the official Apache Software Foundation repository. Upgrading tightens the policy for new and changed passwords only; passwords set under the old policy remain weak until they are changed, so force a password reset for existing accounts (at minimum all administrative ones) after the upgrade.
If you cannot upgrade immediately, apply these mitigations in the meantime:
- Restrict network access to your Fineract instance: firewall it from the public internet and expose the API only to trusted networks or through a VPN.
- Audit admin account activity for suspicious access patterns, such as logins from unexpected addresses, at unusual hours, or repeated failed attempts against the same account.
- Monitor for unauthorized token creation, since an attacker who has guessed a password can use it to obtain API tokens and keep access without logging in interactively.
- Rate-limit or lock out repeated failed logins at the reverse proxy or application layer; this blunts the brute-force attempts that a weak policy otherwise invites.