CVE-2024-11209

A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
Link Resource
https://gist.github.com/0xArthurSouza/281e8ea8a797abc8371a8ced31dc5562 Exploit Third Party Advisory
https://vuldb.com/?ctiid.284523 Permissions Required
https://vuldb.com/?id.284523 Permissions Required
https://vuldb.com/?submit.437238 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:apereo:central_authentication_service:6.6.0:-:*:*:*:*:*:*

History

19 Nov 2024, 19:14

Type Values Removed Values Added
CPE cpe:2.3:a:apereo:central_authentication_service:6.6.0:-:*:*:*:*:*:*
First Time Apereo
Apereo central Authentication Service
CVSS v2 : 6.5
v3 : 6.3
v2 : 6.5
v3 : 9.8
References () https://gist.github.com/0xArthurSouza/281e8ea8a797abc8371a8ced31dc5562 - () https://gist.github.com/0xArthurSouza/281e8ea8a797abc8371a8ced31dc5562 - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.284523 - () https://vuldb.com/?ctiid.284523 - Permissions Required
References () https://vuldb.com/?id.284523 - () https://vuldb.com/?id.284523 - Permissions Required
References () https://vuldb.com/?submit.437238 - () https://vuldb.com/?submit.437238 - Third Party Advisory

15 Nov 2024, 13:58

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad en Apereo CAS 6.6. Se ha clasificado como crítica. Afecta a una parte desconocida del archivo /login?service del componente 2FA. La manipulación conduce a una autenticación incorrecta. Es posible iniciar el ataque de forma remota. El exploit se ha hecho público y puede utilizarse. Se contactó al proveedor con anticipación sobre esta revelación, pero no respondió de ninguna manera.

14 Nov 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-14 14:15

Updated : 2024-11-19 19:14


NVD link : CVE-2024-11209

Mitre link : CVE-2024-11209

CVE.ORG link : CVE-2024-11209


JSON object : View

Products Affected

apereo

  • central_authentication_service
CWE
CWE-287

Improper Authentication