Lucene search
ApereoCas Server

8 matches found

CVE
added 2024/11/14 2:15 p.m., 52 views

CVE-2024-11209

A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the pub...

CVSS 9.8, AI score 6.7, EPSS 0.00161

CVE
added 2025/04/27 8:15 p.m., 47 views

CVE-2025-3984

A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\RegisteredServiceSimpleFormController.java of the component Gro...

CVSS 5, AI score 5.6, EPSS 0.00061

CVE
added 2025/04/27 9:15 p.m., 47 views

CVE-2025-3985

A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredServicesMultiActionController.java. The manip...

CVSS 5.1, AI score 3.8, EPSS 0.00054

CVE
added 2025/04/27 9:15 p.m., 45 views

CVE-2025-3986

A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata\rest\CasConfigurationMetadataServerController.java. The mani...

CVSS 5.3, AI score 4.8, EPSS 0.00055

CVE
added 2023/06/27 6:15 p.m., 40 views

CVE-2023-28857

Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “ssl_client_cert”. When checking the validity o...

CVSS 7.5, AI score 6, EPSS 0.0026

CVE
added 2024/11/14 2:15 p.m., 38 views

CVE-2024-11208

A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login?service. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation...

CVSS 8.1, AI score 4.6, EPSS 0.00132

CVE
added 2024/11/14 1:15 p.m., 35 views

CVE-2024-11207

A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login. The manipulation of the argument redirect_uri leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to...

CVSS 5.3, AI score 4.6, EPSS 0.0006

CVE
added 2018/07/20 5:29 p.m., 33 views

CVE-2014-2296

XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data.

CVSS 8.8, AI score 8.8, EPSS 0.00368