Apereo

Central Authentication Service

13 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.09%
  • Published 27.04.2025 21:00:07
  • Last modified 05.11.2025 21:37:00

A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata\rest\CasCon...

  • EPSS 0.11%
  • Published 27.04.2025 20:31:06
  • Last modified 05.11.2025 21:30:18

A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegist...

  • EPSS 0.05%
  • Published 27.04.2025 20:00:08
  • Last modified 05.11.2025 21:29:27

A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\RegisteredServ...

Exploit
  • EPSS 0.21%
  • Published 14.11.2024 14:15:18
  • Last modified 19.11.2024 19:14:26

A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack re...

Exploit
  • EPSS 0.21%
  • Published 14.11.2024 14:15:17
  • Last modified 19.11.2024 19:38:51

A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login?service. The manipulation leads to session expiration. The attack may be launched remotely. The complex...

Exploit
  • EPSS 0.15%
  • Published 14.11.2024 13:15:04
  • Last modified 04.11.2025 17:57:41

A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login. The manipulation of the argument redirect_uri leads to open redirect. The attack can be lau...

Exploit
  • EPSS 30.06%
  • Published 23.05.2024 06:15:11
  • Last modified 30.06.2025 18:44:29

The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack

  • EPSS 0.04%
  • Published 09.11.2023 14:15:08
  • Last modified 26.02.2025 22:15:11

Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass. This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issue w...

  • EPSS 0.18%
  • Published 27.06.2023 18:15:13
  • Last modified 21.11.2024 07:56:10

Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such a...

  • EPSS 46.27%
  • Published 07.12.2021 22:15:06
  • Last modified 21.11.2024 06:27:49

Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints.