
Apereo Central Authentication Service

13 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-3986
all versions
A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the
4.3 MEDIUM
CVE-2025-3985
all versions
A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of
2.7 LOW
CVE-2025-3984
all versions
A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of th
5.0 MEDIUM
CVE-2024-11209
all versions
A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?s
6.3 MEDIUM
CVE-2024-11208
all versions
A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue is some unknown functionality of
3.7 LOW
CVE-2024-11207
all versions
A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown funct
4.3 MEDIUM
CVE-2024-4399
all versions
The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack
9.1 CRITICAL
CVE-2023-4612
< 7.0.0
Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-
9.8 CRITICAL
CVE-2023-28857
>= 6.5.0 and < 6.5.9.1
Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication
4.0 MEDIUM
CVE-2021-42567
>= 6.3.0 and < 6.3.7.1
Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints.
6.1 MEDIUM
CVE-2020-27178
>= 5.3.0 and < 5.3.16
Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Goo
7.5 HIGH
CVE-2019-10754
<= 6.0.5.1
Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and
8.1 HIGH
CVE-2015-1169
<= 3.5.2
Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a cr