CVE-2024-11209
Severity: MEDIUM
Apereo CAS 6.6 - Improper Authentication in 2FA Login Endpoint
Title source: llmDescription
A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References (4)
Permissions Required (vdb-entry): https://vuldb.com/?id.284523
Permissions Required (signature): https://vuldb.com/?ctiid.284523
Third Party Advisory (third-party-advisory): https://vuldb.com/?submit.437238
Exploit, Third Party Advisory (exploit): https://gist.github.com/0xArthurSouza/281e8ea8a797abc8371a8ced31dc5562
Scores
CVSS v3 base score: 6.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector: NETWORK
EPSS: 0.0060
EPSS Percentile: 44.1%
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-287
Status: published
Products (1)
apereo/central_authentication_service 6.6.0
Published: Nov 14, 2024
Tracked Since: Feb 18, 2026