CVE-2024-11207

Published Nov 14, 2024

Last updated 2 days ago

CVSS medium 5.3

Overview

Description
A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login. The manipulation of the argument redirect_uri leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Source
cna@vuldb.com
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
5.3
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
MEDIUM

CVSS 3.1

Type
Secondary
Base score
4.3
Impact score
1.4
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Severity
MEDIUM

CVSS 2.0

Type
Secondary
Base score
4
Impact score
2.9
Exploitability score
8
Vector string
AV:N/AC:L/Au:S/C:N/I:P/A:N

Weaknesses

cna@vuldb.com
CWE-601

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. 🚨 CVE-2024-11207 (Published: 2024-11-14) - High severity vulnerability in Apereo. Affects specific versions; ensure your systems are updated! 🛡️ Remediation steps include applying the latest patches and reviewing security configurations. Stay secure! More info:… https://t.co/aw

    @transilienceai

    17 Nov 2024

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2024-11207 Open Redirect Vulnerability Disclosed in Apereo CAS 6.6 A problem has been discovered in Apereo CAS 6.6. It affects a part of the file /login. The issue is with how the redirect_uri is used. This c... https://t.co/3cAC82iIqb

    @VulmonFeeds

    14 Nov 2024

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2024-11207 A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login. The man… https://t.co/fBQf2hPBFC

    @CVEnew

    14 Nov 2024

    129 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References