{"id":"CVE-2024-23537","summary":"Apache Fineract: Under certain circumstances, this vulnerability allowed users, without specific permissions, to escalate their privileges to any role.","details":"Improper Privilege Management vulnerability in Apache Fineract.This issue affects Apache Fineract: \u003c1.8.5.\n\nUsers are recommended to upgrade to version 1.9.0, which fixes the issue.","modified":"2026-07-09T10:21:08.442728Z","published":"2024-03-29T14:38:05.738Z","database_specific":{"unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"fixed":"1.9.0"}]}],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/23xxx/CVE-2024-23537.json","cna_assigner":"apache","cwe_ids":["CWE-269"]},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2024/03/29/1"},{"type":"ADVISORY","url":"https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/23xxx/CVE-2024-23537.json"},{"type":"ADVISORY","url":"https://lists.apache.org/thread/fq1ns4nprw2vqpkwwj9sw45jkwxmt9f1"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23537"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/fineract","events":[{"introduced":"0"},{"fixed":"5d96e8cc32ff63f97d5ac15e19c6fafee0c31357"}],"database_specific":{"source":"CPE_RANGE","extracted_events":[{"introduced":"0"},{"fixed":"1.9.0"}],"cpe":"cpe:2.3:a:apache:fineract:*:*:*:*:*:*:*:*"}}],"versions":["1.5.0","1.3.0","1.2.0","1.1.0","1.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23537.json","vanir_signatures":[{"signature_type":"Function","target":{"function":"loanProductWithTemplateDefaults","file":"fineract-provider/src/main/java/org/apache/fineract/portfolio/loanaccount/data/LoanAccountData.java"},"id":"CVE-2024-23537-53128816","signature_version":"v1","digest":{"function_hash":"181174360658766862128973844033157685771","length":3450},"deprecated":false,"source":"https://github.com/apache/fineract/commit/5d96e8cc32ff63f97d5ac15e19c6fafee0c31357"},{"signature_type":"Line","target":{"file":"fineract-provider/src/main/java/org/apache/fineract/portfolio/loanaccount/data/LoanAccountData.java"},"id":"CVE-2024-23537-92132a6d","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["185523195225276613648453211070370195031","273085155406555805774066559873879804551","137776478546033931106959522387425741043","210006009246551972850455786661994661235"]},"deprecated":false,"source":"https://github.com/apache/fineract/commit/5d96e8cc32ff63f97d5ac15e19c6fafee0c31357"}],"vanir_signatures_modified":"2026-07-09T10:21:08Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L"}]}