A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
Link | Resource |
---|---|
https://gist.github.com/0xArthurSouza/281e8ea8a797abc8371a8ced31dc5562 | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.284523 | Permissions Required |
https://vuldb.com/?id.284523 | Permissions Required |
https://vuldb.com/?submit.437238 | Third Party Advisory |
Configurations
History
19 Nov 2024, 19:14
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:apereo:central_authentication_service:6.6.0:-:*:*:*:*:*:* | |
First Time |
Apereo
Apereo central Authentication Service |
|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 9.8 |
References | () https://gist.github.com/0xArthurSouza/281e8ea8a797abc8371a8ced31dc5562 - Exploit, Third Party Advisory | |
References | () https://vuldb.com/?ctiid.284523 - Permissions Required | |
References | () https://vuldb.com/?id.284523 - Permissions Required | |
References | () https://vuldb.com/?submit.437238 - Third Party Advisory |
15 Nov 2024, 13:58
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
14 Nov 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-14 14:15
Updated : 2024-11-19 19:14
NVD link : CVE-2024-11209
Mitre link : CVE-2024-11209
CVE.ORG link : CVE-2024-11209
JSON object : View
Products Affected
apereo
- central_authentication_service
CWE
CWE-287
Improper Authentication