Skip to main content

Central Authentication Service

13 CVEs product

Monthly

CVE-2025-3986 Maven MEDIUM This Month

A vulnerability was found in Apereo CAS 5.2.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Central Authentication Service
NVD VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2025-3985 Maven MEDIUM This Month

A vulnerability was found in Apereo CAS 5.2.6. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Central Authentication Service
NVD VulDB
CVSS 4.0
5.1
EPSS
0.9%
CVE-2025-3984 Maven LOW Monitor

A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Java Central Authentication Service
NVD VulDB
CVSS 4.0
2.3
EPSS
0.3%
CVE-2024-11209 MEDIUM POC This Month

A vulnerability was found in Apereo CAS 6.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Central Authentication Service
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-11208 MEDIUM POC This Month

A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Central Authentication Service
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.7%
CVE-2024-11207 MEDIUM POC This Month

A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Central Authentication Service
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-4399 CRITICAL POC Act Now

The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Central Authentication Service
NVD WPScan
CVSS 3.1
9.1
EPSS
1.8%
CVE-2023-4612 CRITICAL Act Now

Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass.0.0-RC7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Central Authentication Service
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-28857 Maven HIGH PATCH This Week

Apereo CAS is an open source multilingual single sign-on solution for the web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Central Authentication Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2021-42567 Maven MEDIUM POC PATCH This Month

Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Central Authentication Service
NVD GitHub
CVSS 3.1
6.1
EPSS
8.1%
CVE-2020-27178 Maven HIGH PATCH This Week

Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Central Authentication Service
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-10754 Maven HIGH POC PATCH This Week

Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apache Central Authentication Service
NVD
CVSS 3.1
8.1
EPSS
1.8%
CVE-2015-1169 HIGH POC This Week

Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Central Authentication Service
NVD GitHub
CVSS 2.0
7.5
EPSS
0.3%
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability was found in Apereo CAS 5.2.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Central Authentication Service
NVD VulDB
EPSS 1% CVSS 5.1
MEDIUM This Month

A vulnerability was found in Apereo CAS 5.2.6. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Central Authentication Service
NVD VulDB
EPSS 0% CVSS 2.3
LOW Monitor

A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Java Central Authentication Service
NVD VulDB
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in Apereo CAS 6.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Central Authentication Service
NVD VulDB GitHub
EPSS 1% CVSS 6.3
MEDIUM POC This Month

A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Central Authentication Service
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Central Authentication Service
NVD GitHub VulDB
EPSS 2% CVSS 9.1
CRITICAL POC Act Now

The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Central Authentication Service
NVD WPScan
EPSS 1% CVSS 9.8
CRITICAL Act Now

Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass.0.0-RC7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Central Authentication Service
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Apereo CAS is an open source multilingual single sign-on solution for the web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Central Authentication Service
NVD GitHub
EPSS 8% CVSS 6.1
MEDIUM POC PATCH This Month

Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Central Authentication Service
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Central Authentication Service
NVD
EPSS 2% CVSS 8.1
HIGH POC PATCH This Week

Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apache Central Authentication Service
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Central Authentication Service
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy