CRITICAL🇬🇧 English

CVE-2023-4612

CVSS 9.8v3.1pub. 2023-11-09upd. 2025-02-26

Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass.This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issue will be fixed. For the date of publication there is no patch, and the vendor does not treat it as a vulnerability.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apereo Central Authentication Service

    APP
    Apereo
    7.0.0< 7.0.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2024-4399CRITICAL9.1PL ✓ten sam produkt

SSRF w Apereo Central Authentication Service — brak walidacji parametru

CVE-2020-27178HIGH7.5ten sam produkt

Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles ...

CVE-2019-10754HIGH8.1ten sam produkt

Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStrin...

CVE-2015-1169HIGH7.5ten sam produkt

Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP inject...

CVE-2025-3985MEDIUM5.1ten sam produkt

A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the functio...