Vulmon
apereo central authentication service vulnerabilities and exploits
7.5
CVSSv3
CVE-2020-27178
Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication....
Apereo Central Authentication Service
Apereo Central Authentication Service 6.3.0
8.1
CVSSv3
CVE-2019-10754
Multiple classes used within Apereo CAS before release 6.1.0-RC5 make use of Apache commons-lang3 RandomStringUtils for token and ID generation, which makes them predictable because the RandomStringUtils PRNG algorithm is not cryptographically strong....
Apereo Central Authentication Service 6.1.0
Apereo Central Authentication Service
6.1
CVSSv3
CVE-2021-42567
Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints....
Apereo Central Authentication Service
NA
CVE-2015-1169
Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication....
Apereo Central Authentication Service
5.5
CVSSv3
CVE-2012-1105
An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner....
Apereo Phpcas 1.2.2
Fedoraproject Fedora 15
Fedoraproject Fedora 16
Debian Debian Linux 8.0
8
CVE-2022-39369
phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS) server. The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the...
Apereo Phpcas
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
1 Github repository available