Apereo Central Authentication Service — known CVE vulnerabilities
Every CVE whose affected-product data names Apereo Central Authentication Service, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2023-4612 — CVSS 9.8 (critical): Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor…
CVE-2024-4399 — CVSS 9.1 (critical): The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack
CVE-2019-10754 — CVSS 8.1 (high): Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID…
CVE-2020-27178 — CVSS 7.5 (high): Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google…
CVE-2015-1169 — CVSS 7.5 (high): Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted…
CVE-2024-11209 — CVSS 6.3 (medium): A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of…
CVE-2025-3984 — CVSS 5.0 (medium): A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file…
CVE-2025-3986 — CVSS 4.3 (medium): A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file…
CVE-2024-11207 — CVSS 4.3 (medium): A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality…
CVE-2023-28857 — CVSS 4.0 (medium): Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on…
CVE-2024-11208 — CVSS 3.7 (low): A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue is some unknown functionality of the file…
CVE-2025-3985 — CVSS 2.7 (low): A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file…