GCVE - cpe:2.3:a:apereo:cas_server:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:apereo:cas_server:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Apereo (`497abf49-80d7-5c5f-927e-22e0814c4740`)
Product	Cas Server (`4f05db88-6c72-56a4-b792-ae0d9cda7733`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-11209`	vulnerable	2026-06-08 06:23:49.072896	Apereo CAS 2FA login improper authentication MEDIUM (6.3) A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2024-11-14T13:31:06.281Z Updated: 2024-11-14T14:29:15.472Z Open on db.gcve.eu Reference links https://vuldb.com/?id.284523 https://vuldb.com/?ctiid.284523 https://vuldb.com/?submit.437238 https://gist.github.com/0xArthurSouza/281e8ea8a797abc8371a8ced31dc5562	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-11208`	vulnerable	2026-06-08 06:23:49.072031	Apereo CAS login session expiration LOW (3.7) A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login?service. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2024-11-14T13:31:04.929Z Updated: 2024-11-14T14:31:21.251Z Open on db.gcve.eu Reference links https://vuldb.com/?id.284522 https://vuldb.com/?ctiid.284522 https://vuldb.com/?submit.437211 https://gist.github.com/0xArthurSouza/ce3b89887b03cc899d5e8cb6e472b04e https://ibb.co/1LxSK2k	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-2296`	vulnerable	2026-06-08 05:05:28.387015	Details available XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data. Published: 2018-07-20T17:00:00.000Z Updated: 2024-08-06T10:06:00.271Z Open on db.gcve.eu Reference links http://jasig.275507.n4.nabble.com/CAS-3-5-2-1-and-3-4-12-1-Security-Releases-td4662444.html https://vigilance.fr/vulnerability/Jasig-CAS-Server-bypassing-authentication-via-Google-Accounts-Integration-14512	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.