Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2022/05/24 4:56 p.m.9 views

org.apereo.cas:cas-management-webapp-configuration (>=5.3.1 <=5.3.3), org.apereo.cas:cas-management-webapp-support (>=5.2.0-RC2 <=5.3.3) +214 more potentially affected by CVE-2019-10754 via org.apereo.cas:cas-server-core-services-api (>=5.2.0-RC2 <=6.1.0-RC4)

org.apereo.cas:cas-server-core-services-api MAVEN version =5.2.0-RC2, =5.3.1, =5.2.0-RC2, =5.3.1, =6.1.0-RC2, =6.0.0-RC4, =6.0.0-RC4, =5.2.0, =6.0.0, =5.2.0, =5.2.0, =5.3.0, =5.3.0, =5.2.0, =5.2.0, =5.2.0, =6.1.0-RC4 and more Source cves: CVE-2019-10754 Source advisory: OSV:GHSA-G24W-373R-5PXG...

8.1CVSS7.2AI score0.01751EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/05/24 4:56 p.m.9 views

org.apereo.cas:cas-server-support-oauth (>=6.1.0-RC2 <=6.1.0-RC4), org.apereo.cas:cas-server-support-oauth-core (>=6.1.0-RC2 <=6.1.0-RC4) +5 more potentially affected by CVE-2019-10754 via org.apereo.cas:cas-server-support-oauth-core-api (>=6.1.0-RC2 <=6.1.0-RC4)

org.apereo.cas:cas-server-support-oauth-core-api MAVEN version =6.1.0-RC2, =6.1.0-RC2, =6.1.0-RC2, =6.1.0-RC2, =6.1.0-RC2, =6.1.0-RC2, =6.1.0-RC2, =6.1.0-RC2, =6.1.0-RC4 Source cves: CVE-2019-10754 Source advisory: OSV:GHSA-G24W-373R-5PXG...

8.1CVSS7.2AI score0.01751EPSS
Exploits1
CVE
CVE
added 2019/09/23 10:9 p.m.117 views

CVE-2019-10754

CVE-2019-10754 affects Apereo CAS before release 6.1.0-RC5. The root cause is the use of apache commons-lang3’s RandomStringUtils for token and ID generation, whose PRNG is not cryptographically strong, making generated values predictable. This predictability can enable an attacker to infer token...

8.1CVSS8AI score0.01751EPSS
Exploits1References5Affected Software1
vulnersOsv
vulnersOsv
added 2019/09/20 10:8 a.m.5 views

org.apereo.cas:cas-mgmt-api-configuration (>=6.1.0-RC2 <=6.1.0-RC4), org.apereo.cas:cas-mgmt-core-util (>=6.0.0-RC4 <=6.1.0-RC4) +197 more potentially affected by CVE-2019-10754 via org.apereo.cas:cas-server-core-services-api (>=6.0.0-RC4 <=6.1.0-RC4)

org.apereo.cas:cas-server-core-services-api MAVEN version =6.0.0-RC4, =6.1.0-RC2, =6.0.0-RC4, =6.0.0-RC4, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.1.0-RC4 and more Source cves: CVE-2019-10754 Source advisory: SNYK:JAVA-ORGAPEREOCAS-468868...

8.1CVSS7.2AI score0.01751EPSS
Exploits1
Rows per page
Query Builder