CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-2296

XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.1%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

http://jasig.275507.n4.nabble.com/CAS-3-5-2-1-and-3-4-12-1-Security-Releases-td4662444.html
https://vigilance.fr/vulnerability/Jasig-CAS-Server-bypassing-authentication-via-Google-Accounts-Integration-14512
http://jasig.275507.n4.nabble.com/CAS-3-5-2-1-and-3-4-12-1-Security-Releases-td4662444.html
https://vigilance.fr/vulnerability/Jasig-CAS-Server-bypassing-authentication-via-Google-Accounts-Integration-14512

Products affected by CVE-2014-2296

Apereo » Cas Server » Version: Any

cpe:2.3:a:apereo:cas_server:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-2296

Products

Pricing

Contact Us