Overview
- Description
- A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
- Source
- cna@vuldb.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 4.0
- Type
- Secondary
- Base score
- 5.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Secondary
- Base score
- 6.3
- Impact score
- 3.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- Severity
- MEDIUM
CVSS 2.0
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- cna@vuldb.com
- CWE-287
Social media
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
🚨 CVE-2024-11209 (Published: 2024-11-14) affects Apereo products. Vulnerable versions are at risk of exploitation. Ensure your systems are updated to the latest versions to mitigate this vulnerability. For more details, check the advisory: https://t.co/hKRHvEjUUJ #CyberSecurity…
@transilienceai
17 Nov 2024
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-11209 (Published: 2024-11-14) affects Apereo products. Vulnerable versions are at risk of exploitation. Ensure your systems are updated to the latest version to mitigate this vulnerability. For more details, visit: https://t.co/hKRHvEjUUJ #CyberSecurity… https://t.co/
@transilienceai
17 Nov 2024
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11209 Critical Improper Authentication in Apereo CAS 6.6's 2FA Component There's a critical vulnerability in Apereo CAS 6.6. This problem is in the /login?service file of the 2FA component. It causes imp... https://t.co/hbqiDdVbX1
@VulmonFeeds
14 Nov 2024
53 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
CVE-2024-11209 A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The man… https://t.co/uQJTlN9QhL
@CVEnew
14 Nov 2024
104 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes