Severity
Medium
Analysis Summary
CVE-2020-17514
Apache Fineract is vulnerable to a man-in-the-middle attack, caused by an issue with disable HTTPS hostname verification in “ProcessorHelper” in the “configureClient” method. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system.
Impact
- Information disclosure
Affected Vendors
Apache
Affected Products
- Apache Fineract 0.4.0-incubating
- Apache Fineract 0.5.0-incubating
- Apache Fineract 0.6.0-incubating
- Apache Fineract 1.0.0
- Apache Fineract 1.1.0
- Apache Fineract 1.2.0
- Apache Fineract 1.3.0
- Apache Fineract 1.4.0
Remediation
Upgrade to the latest version of Apache Fineract (1.5.0 or later).