CVE-2020-17514
published 2021-05-27CVE-2020-17514: Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method. Under typical deployments, a man in the…
high7.4CVSS 3.1
AVNACHPRNUINSUCHIHAN
Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method. Under typical deployments, a man in the middle attack could be successful.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | fineract | < 1.5.0 | 1.5.0 |
| apache_software_foundation | apache_fineract | >= Apache Fineract < 1.5.0 | 1.5.0 |