Apereo Central Authentication Service (CAS) 7.0.0 Release Candidate 1
Approved changes feed: RSS · Atom
cpe:2.3:a:apereo:central_authentication_service:7.0.0:rc1:*:*:*:*:*:*
part: a version: 7.0.0 update: rc1
| Vendor | Apereo (497abf49-80d7-5c5f-927e-22e0814c4740) |
|---|---|
| Product | Central Authentication Service (9710ffba-d783-5149-832e-bef85996db96) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/apereo/cas |
purl2cpe | 2026-06-01 10:13:17.475059 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-4612 |
vulnerable | 2026-06-08 06:16:13.809938 |
MFA bypass in Apereo CAS
Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass.This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issue will be fixed. For the date of publication there is no patch, and the vendor does not treat it as a vulnerability.
Published: 2023-11-09T13:41:38.189Z
Updated: 2025-02-26T21:25:31.425Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.