CVE-2020-17514

Summary

Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method. Under typical deployments, a man in the middle attack could be successful.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache FineractApache Fineract < 1.5.0affected

Weaknesses

  • Missing Hostname Verification

ADP Enrichment

CVE Program Container

Additional References

References