Apereo Central_authentication_service
13 CVEs affecting Apereo Central_authentication_service. Latest disclosed: 2025-04-27. Critical: 2, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-4612 | Critical | 9.8 | 2023-11-09 | Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass. T… |
| CVE-2024-4399 | Critical | 9.1 | 2024-05-23 | The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack |
| CVE-2019-10754 | High | 8.1 | 2019-09-23 | Multiple classes used within Apereo CAS before release 6.1.0-RC5 make use of Apache commons-lang3 RandomStringUtils for token and ID generation which makes th… |
| CVE-2020-27178 | High | 7.5 | 2020-10-16 | Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifa… |
| CVE-2024-11209 | Medium | 6.3 | 2024-11-14 | A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA… |
| CVE-2021-42567 | Medium | 6.1 | 2021-12-07 | Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints. |
| CVE-2025-3984 | Medium | 5.0 | 2025-04-27 | A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6\webapp-mgmt\… |
| CVE-2025-3986 | Medium | 4.3 | 2025-04-27 | A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\core\cas-serv… |
| CVE-2024-11207 | Medium | 4.3 | 2024-11-14 | A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login… |
| CVE-2023-28857 | Medium | 4.0 | 2023-06-27 | Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certific… |
| CVE-2024-11208 | Low | 3.7 | 2024-11-14 | A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login?service. The… |
| CVE-2025-3985 | Low | 2.7 | 2025-04-27 | A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgm… |
| CVE-2015-1169 | | | 2015-02-10 | Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrat… |