
CVSS: 9.8 | EPSS: 0% | CPEs: 8 | EXPL: 0

Improper Authentication vulnerability in Apereo CAS in the jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass. This issue affects CAS: through 7.0.0-RC7. It is unknown whether the issue will be fixed in new versions. As of the date of publication there is no patch, and the vendor does not treat it as a vulnerability.

• https://cert.pl/en/posts/2023/11/CVE-2023-4612
• https://cert.pl/posts/2023/11/CVE-2023-4612
• CWE-287: Improper Authentication
• CWE-302: Authentication Bypass by Assumed-Immutable Data

CVSS: 6.1 | EPSS: 17% | CPEs: 2 | EXPL: 0

Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints.

• https://apereo.github.io/2021/10/18/restvuln
• https://github.com/apereo/cas/releases
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')