CVE-2023-25197

{"id": "CVE-2023-25197", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}]}, "published": "2023-03-28T12:15:07.430", "references": [{"url": "https://lists.apache.org/thread/v0q9x86sx6f6l2nzr1z0nwm3y9qlng04", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/v0q9x86sx6f6l2nzr1z0nwm3y9qlng04", "tags": ["Mailing List", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation apache fineract.\nAuthorized users may be able to exploit this for limited impact on components. \u00a0\n\nThis issue affects apache fineract: from 1.4 through 1.8.2.\n\n"}], "lastModified": "2024-11-21T07:49:17.910", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:fineract:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07B8FD75-D5C0-430D-97D7-395E75E4CFA1", "versionEndIncluding": "1.8.2", "versionStartIncluding": "1.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}