CVE-2020-17514 is a vulnerability in Apache Fineract
Published on May 27, 2021
disabled hostname verificiation
Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method. Under typical deployments, a man in the middle attack could be successful.
Products Associated with CVE-2020-17514
Want to know whenever a new CVE is published for Apache Fineract? stack.watch will email you.
Affected Versions
Apache Software Foundation Apache Fineract:- Version Apache Fineract and below 1.5.0 is affected.
Exploit Probability
EPSS
0.81%
Percentile
73.96%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.