CVE-2024-11209 – Apereo CAS 2FA login improper authentication
https://notcve.org/view.php?id=CVE-2024-11209
A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication.
• https://gist.github.com/0xArthurSouza/281e8ea8a797abc8371a8ced31dc5562
• https://vuldb.com/?ctiid.284523
• https://vuldb.com/?id.284523
• https://vuldb.com/?submit.437238
• CWE-287: Improper Authentication

CVE-2024-11208 – Apereo CAS login session expiration
https://notcve.org/view.php?id=CVE-2024-11208
A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login?service. The manipulation leads to session expiration. The attack may be launched remotely.
• https://gist.github.com/0xArthurSouza/ce3b89887b03cc899d5e8cb6e472b04e
• https://ibb.co/1LxSK2k
• https://vuldb.com/?ctiid.284522
• https://vuldb.com/?id.284522
• https://vuldb.com/?submit.437211
• CWE-613: Insufficient Session Expiration

CVE-2024-11207 – Apereo CAS login redirect
https://notcve.org/view.php?id=CVE-2024-11207
A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login. The manipulation of the argument redirect_uri leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
• https://gist.github.com/0xArthurSouza/68295d8fa20f18161945260fcdf842a2
• https://vuldb.com/?ctiid.284521
• https://vuldb.com/?id.284521
• https://vuldb.com/?submit.437207
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')