CVE-2024-11209 – Apereo CAS 2FA login improper authentication
https://notcve.org/view.php?id=CVE-2024-11209
A vulnerability was found in Apereo CAS 6.6 and classified as critical. It affects an unknown part of the file /login?service in the 2FA component; the manipulation leads to improper authentication. • https://gist.github.com/0xArthurSouza/281e8ea8a797abc8371a8ced31dc5562 https://vuldb.com/?ctiid.284523 https://vuldb.com/?id.284523 https://vuldb.com/?submit.437238 • CWE-287: Improper Authentication •
CVE-2024-11208 – Apereo CAS login session expiration
https://notcve.org/view.php?id=CVE-2024-11208
A vulnerability was found in Apereo CAS 6.6 and classified as problematic. It affects unknown functionality of the file /login?service; the manipulation leads to insufficient session expiration (a session stays usable after it should have been invalidated). The attack may be launched remotely. • https://gist.github.com/0xArthurSouza/ce3b89887b03cc899d5e8cb6e472b04e https://ibb.co/1LxSK2k https://vuldb.com/?ctiid.284522 https://vuldb.com/?id.284522 https://vuldb.com/?submit.437211 • CWE-613: Insufficient Session Expiration •
CVE-2024-11207 – Apereo CAS login redirect
https://notcve.org/view.php?id=CVE-2024-11207
A vulnerability was found in Apereo CAS 6.6 and classified as problematic. It affects unknown functionality of the file /login; manipulation of the argument redirect_uri leads to an open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://gist.github.com/0xArthurSouza/68295d8fa20f18161945260fcdf842a2 https://vuldb.com/?ctiid.284521 https://vuldb.com/?id.284521 https://vuldb.com/?submit.437207 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
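The entry above names the weakness (a redirect_uri parameter on /login that can be pointed anywhere) but not the check that would have stopped it. The following is an added example, not Apereo CAS code and not the exploit from the linked gist: it puts a typical weak redirect check next to an allowlist-based one and runs both over the probes that usually defeat the weak one. The allowlisted hosts and the probe URLs are assumptions.

```python
"""Validating a login flow's redirect_uri against an allowlist.

Added example, not Apereo CAS code. ALLOWED_REDIRECT_HOSTS and the probe URLs are assumptions.
"""
from urllib.parse import urlsplit

# Assumption: the only hosts a post-login redirect may point at.
ALLOWED_REDIRECT_HOSTS = {"app.example.edu", "portal.example.edu"}


def is_safe_redirect_weak(target: str) -> bool:
    """Common weak check: "starts with / so it is local" or "mentions one of our hosts".
    Both halves are bypassable, as the probes below show."""
    return target.startswith("/") or any(h in target for h in ALLOWED_REDIRECT_HOSTS)


def is_safe_redirect(target: str) -> bool:
    """Strict check: a same-site absolute path, or an https URL whose host is exactly allowlisted."""
    if not target or any(ch in target for ch in "\\\t\r\n") or any(ord(ch) < 0x20 for ch in target):
        # Browsers and URL libraries disagree on backslashes and control characters; reject
        # rather than normalise (browsers read "/\\evil.example" as "//evil.example").
        return False
    parts = urlsplit(target)
    if parts.scheme == "" and parts.netloc == "":
        # Relative target: must be an absolute path and not scheme-relative ("//host/...").
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme.lower() != "https":
        # Also rejects "//evil.example/..." (netloc set, scheme empty), javascript:, data:, http:.
        return False
    if parts.username is not None or parts.password is not None:
        # "https://app.example.edu@evil.example/" has hostname evil.example, not app.example.edu.
        return False
    try:
        port = parts.port  # ValueError on a non-numeric port such as ":443x"
    except ValueError:
        return False
    if port not in (None, 443):
        return False
    return parts.hostname in ALLOWED_REDIRECT_HOSTS  # urlsplit lowercases the hostname


# Constructed probes: two legitimate targets and the usual bypasses of the weak check.
PROBES = [
    "/dashboard",
    "https://app.example.edu/cb?ticket=1",
    "//evil.example/cb",                            # scheme-relative
    "/\\evil.example",                              # backslash, browsers read it as //evil.example
    "https://app.example.edu@evil.example/",        # allowlisted name in the userinfo part
    "https://evil.example/?next=app.example.edu",   # allowlisted name in the query
    "javascript:alert(1)//app.example.edu",         # non-http scheme
    "http://app.example.edu/",                      # downgrade to plaintext
]


def audit(targets=PROBES):
    """Return (target, weak_verdict, strict_verdict) for each probe."""
    return [(t, is_safe_redirect_weak(t), is_safe_redirect(t)) for t in targets]


if __name__ == "__main__":
    for target, weak, strict in audit():
        print(f"{'weak=OK ' if weak else 'weak=NO '} {'strict=OK' if strict else 'strict=NO'}  {target}")
```

Rejecting http: targets is a policy choice (an allowlisted host reachable over plaintext is still a downgrade); if a deployment genuinely needs it, the scheme set is the single place to widen. Everything else (exact host match, no userinfo, no scheme-relative paths, no backslashes) should stay as is.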
CVE-2018-16153
https://notcve.org/view.php?id=CVE-2018-16153
An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. In some situations it sends the system digest credentials to arbitrary external services during authentication attempts. • https://docs.opencast.org/r/10.x/admin/#changelog https://github.com/advisories/GHSA-hcxx-mp6g-6gr9 https://github.com/opencast/opencast/commit/776d5588f39c61eb04c03bb955416c4f77629d51 https://www.apereo.org/projects/opencast/news • CWE-522: Insufficiently Protected Credentials •
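The page does not say which "situations" caused Opencast to send its system credentials elsewhere; the fix in the linked commit is the authoritative reference. As an added example that is not Opencast code, the following shows the general control for this weakness class: credentials bound to an explicit set of origins, with a simulated HTTP client that follows a redirect from a trusted host to an untrusted one. The trusted origin, the credentials and the response map are constructed for the example.

```python
"""Scope a service's system credentials to the origins that are supposed to receive them.

Added example, not Opencast code: it models the weakness class (CWE-522) with a simulated
HTTP exchange. TRUSTED_ORIGINS, SYSTEM_CREDS and RESPONSES are constructed assumptions.
"""
from urllib.parse import urlsplit

# Assumption: the only origin (scheme, host, port) allowed to see the system digest credentials.
TRUSTED_ORIGINS = {("https", "media.example.edu", 443)}

# Constructed sample credentials, not a real account.
SYSTEM_CREDS = ("opencast_system_account", "constructed-secret")


def origin_of(url):
    """(scheme, host, port) of a URL, or None when it has no usable origin."""
    p = urlsplit(url)
    if p.scheme not in ("http", "https") or not p.hostname:
        return None
    try:
        port = p.port
    except ValueError:
        return None
    return (p.scheme, p.hostname, port or (443 if p.scheme == "https" else 80))


def credentials_for(url, creds=SYSTEM_CREDS):
    """Hardened: attach credentials only when the request's origin is trusted; otherwise None.
    Comparing the full origin (not a substring of the URL) also defeats
    "https://media.example.edu@attacker.example/" style tricks."""
    return creds if origin_of(url) in TRUSTED_ORIGINS else None


def _walk(url, responses, creds_for, max_hops=5):
    """Simulated client. `responses` maps URL -> (status, Location or None). Returns the hops
    as (url, credentials_sent) pairs so the caller can see where the secret went."""
    hops = []
    for _ in range(max_hops):
        creds = creds_for(url)
        hops.append((url, creds is not None))
        status, location = responses[url]
        if status not in (301, 302, 307, 308) or location is None:
            break
        url = location
    return hops


def fetch_naive(url, responses, creds=SYSTEM_CREDS):
    """Vulnerable pattern: the same credentials travel with every hop, redirects included."""
    return _walk(url, responses, lambda _u: creds)


def fetch_hardened(url, responses, creds=SYSTEM_CREDS):
    """Credentials are decided per hop from the hop's origin."""
    return _walk(url, responses, lambda u: credentials_for(u, creds))


# Constructed exchange: the trusted host answers with a redirect to an attacker-controlled host.
RESPONSES = {
    "https://media.example.edu/api/series": (302, "https://attacker.example/collect"),
    "https://attacker.example/collect": (200, None),
}

if __name__ == "__main__":
    start = "https://media.example.edu/api/series"
    print("naive   :", fetch_naive(start, RESPONSES))
    print("hardened:", fetch_hardened(start, RESPONSES))
```

The same `credentials_for` gate belongs in front of any request whose URL comes from a user, a configuration value or a remote response, not only on redirects; the redirect is simply the case that is easiest to miss because the first request looked legitimate.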
CVE-2023-4612 – MFA bypass in Apereo CAS
https://notcve.org/view.php?id=CVE-2023-4612
Improper Authentication vulnerability in Apereo CAS in the jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass. This issue affects CAS through 7.0.0-RC7. At the time of publication there is no patch and the vendor does not treat the issue as a vulnerability; whether later versions will address it is unknown. • https://cert.pl/en/posts/2023/11/CVE-2023-4612 https://cert.pl/posts/2023/11/CVE-2023-4612 • CWE-287: Improper Authentication CWE-302: Authentication Bypass by Assumed-Immutable Data •
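CWE-302 is the useful pointer in this entry: an MFA decision keyed on a value the application treats as fixed (the client address from getRemoteAddr) when that value can be influenced by the client. What getRemoteAddr returns in a given CAS deployment depends on its servlet container and reverse-proxy configuration; the CERT.PL writeup linked above is the reference for CAS itself. The following is an added example, not CAS code: a client-address derivation that trusts a forwarded header from anyone, beside one that trusts it only from known proxies, both feeding a network-based MFA exemption. The proxy range, the exempt network and the X-Forwarded-For header are assumptions.

```python
"""MFA exemption keyed on client address: forwarded header vs. socket peer.

Added example, not Apereo CAS code. Models CWE-302 (authentication bypass by assumed-immutable
data). TRUSTED_PROXIES, MFA_EXEMPT_NETWORKS and the header name are assumptions.
"""
import ipaddress

# Assumption: our own reverse proxies, the only hops allowed to set X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
# Assumption: network whose users are exempt from MFA.
MFA_EXEMPT_NETWORKS = [ipaddress.ip_network("192.168.0.0/16")]


def _in(ip, networks):
    return any(ip in n for n in networks)


def client_ip_naive(peer_addr, headers):
    """Vulnerable: believe X-Forwarded-For from any peer, leftmost entry wins. A servlet
    container that rewrites the remote address from forwarded headers sent by untrusted peers
    makes getRemoteAddr() behave like this."""
    first = headers.get("X-Forwarded-For", "").split(",")[0].strip()
    return first or peer_addr


def client_ip_hardened(peer_addr, headers):
    """Honour the header only when the TCP peer is a trusted proxy, and take the rightmost
    address that is not itself a trusted proxy (proxies append; the client controls the left).
    Returns None when no address can be attributed to the client (caller must fail closed)."""
    try:
        peer = ipaddress.ip_address(peer_addr)
    except ValueError:
        return None
    if not _in(peer, TRUSTED_PROXIES):
        return peer_addr  # direct connection: any forwarded header is attacker-supplied
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed chain: do not guess
        if not _in(ip, TRUSTED_PROXIES):
            return str(ip)
    return None  # only proxies in the chain


def mfa_required(client_ip):
    """Exempt only an address that was actually attributed to the client."""
    if client_ip is None:
        return True
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return True
    return not _in(ip, MFA_EXEMPT_NETWORKS)


def decide(peer_addr, headers, derive=client_ip_hardened):
    """(client_ip, mfa_required) for one request, using the chosen derivation."""
    ip = derive(peer_addr, headers)
    return ip, mfa_required(ip)


if __name__ == "__main__":
    # Constructed request: internet client 203.0.113.5 connects directly and claims an exempt address.
    forged = {"X-Forwarded-For": "192.168.1.10"}
    print("naive   :", decide("203.0.113.5", forged, client_ip_naive))
    print("hardened:", decide("203.0.113.5", forged))
    # Same forgery through a trusted proxy, which appends the real peer.
    print("via proxy:", decide("10.0.0.2", {"X-Forwarded-For": "192.168.1.10, 203.0.113.5"}))
```

The rightmost-untrusted rule is what makes the proxied case safe: the attacker can prepend anything to the header, but the address appended by our own proxy is the one that counts. If the container already rewrites the remote address for you, the equivalent hardening is to configure which peers it may believe, and to verify with a forged header from outside that the exemption does not fire.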