CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-10754

Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.1%

CVSS Severity

CVSS v3 Score 8.1

CVSS v2 Score 5.5

References

Products affected by CVE-2019-10754

Apereo » Central Authentication Service » Version: 3.0

cpe:2.3:a:apereo:central_authentication_service:3.0
Apereo » Central Authentication Service » Version: 3.0.1

cpe:2.3:a:apereo:central_authentication_service:3.0.1
Apereo » Central Authentication Service » Version: 3.0.1.1

cpe:2.3:a:apereo:central_authentication_service:3.0.1.1
Apereo » Central Authentication Service » Version: 3.0.2

cpe:2.3:a:apereo:central_authentication_service:3.0.2
Apereo » Central Authentication Service » Version: 3.0.2.1

cpe:2.3:a:apereo:central_authentication_service:3.0.2.1
Apereo » Central Authentication Service » Version: 3.0.3

cpe:2.3:a:apereo:central_authentication_service:3.0.3
Apereo » Central Authentication Service » Version: 3.0.3.1

cpe:2.3:a:apereo:central_authentication_service:3.0.3.1
Apereo » Central Authentication Service » Version: 3.0.3.2

cpe:2.3:a:apereo:central_authentication_service:3.0.3.2
Apereo » Central Authentication Service » Version: 3.0.4

cpe:2.3:a:apereo:central_authentication_service:3.0.4
Apereo » Central Authentication Service » Version: 3.0.4.1

cpe:2.3:a:apereo:central_authentication_service:3.0.4.1
Apereo » Central Authentication Service » Version: 3.0.4.2

cpe:2.3:a:apereo:central_authentication_service:3.0.4.2
Apereo » Central Authentication Service » Version: 3.0.5

cpe:2.3:a:apereo:central_authentication_service:3.0.5
Apereo » Central Authentication Service » Version: 3.0.5.1

cpe:2.3:a:apereo:central_authentication_service:3.0.5.1
Apereo » Central Authentication Service » Version: 3.0.5.2

cpe:2.3:a:apereo:central_authentication_service:3.0.5.2
Apereo » Central Authentication Service » Version: 3.0.5.3

cpe:2.3:a:apereo:central_authentication_service:3.0.5.3
Apereo » Central Authentication Service » Version: 3.0.6

cpe:2.3:a:apereo:central_authentication_service:3.0.6
Apereo » Central Authentication Service » Version: 3.0.6.1

cpe:2.3:a:apereo:central_authentication_service:3.0.6.1
Apereo » Central Authentication Service » Version: 3.0.7

cpe:2.3:a:apereo:central_authentication_service:3.0.7
Apereo » Central Authentication Service » Version: 3.0.7.1

cpe:2.3:a:apereo:central_authentication_service:3.0.7.1
Apereo » Central Authentication Service » Version: 3.1.0

cpe:2.3:a:apereo:central_authentication_service:3.1.0
Apereo » Central Authentication Service » Version: 3.1.1

cpe:2.3:a:apereo:central_authentication_service:3.1.1
Apereo » Central Authentication Service » Version: 3.1.1.1

cpe:2.3:a:apereo:central_authentication_service:3.1.1.1
Apereo » Central Authentication Service » Version: 3.1.1.2

cpe:2.3:a:apereo:central_authentication_service:3.1.1.2
Apereo » Central Authentication Service » Version: 3.1.2

cpe:2.3:a:apereo:central_authentication_service:3.1.2
Apereo » Central Authentication Service » Version: 3.1.3

cpe:2.3:a:apereo:central_authentication_service:3.1.3
Apereo » Central Authentication Service » Version: 3.1.4

cpe:2.3:a:apereo:central_authentication_service:3.1.4
Apereo » Central Authentication Service » Version: 3.2.0

cpe:2.3:a:apereo:central_authentication_service:3.2.0
Apereo » Central Authentication Service » Version: 3.2.0.1

cpe:2.3:a:apereo:central_authentication_service:3.2.0.1
Apereo » Central Authentication Service » Version: 3.2.0.2

cpe:2.3:a:apereo:central_authentication_service:3.2.0.2
Apereo » Central Authentication Service » Version: 3.2.0.3

cpe:2.3:a:apereo:central_authentication_service:3.2.0.3
Apereo » Central Authentication Service » Version: 3.2.0.4

cpe:2.3:a:apereo:central_authentication_service:3.2.0.4
Apereo » Central Authentication Service » Version: 3.2.1

cpe:2.3:a:apereo:central_authentication_service:3.2.1
Apereo » Central Authentication Service » Version: 3.2.1.1

cpe:2.3:a:apereo:central_authentication_service:3.2.1.1
Apereo » Central Authentication Service » Version: 3.2.1.2

cpe:2.3:a:apereo:central_authentication_service:3.2.1.2
Apereo » Central Authentication Service » Version: 3.2.2.1

cpe:2.3:a:apereo:central_authentication_service:3.2.2.1
Apereo » Central Authentication Service » Version: 3.3.0

cpe:2.3:a:apereo:central_authentication_service:3.3.0
Apereo » Central Authentication Service » Version: 3.3.1

cpe:2.3:a:apereo:central_authentication_service:3.3.1
Apereo » Central Authentication Service » Version: 3.3.2

cpe:2.3:a:apereo:central_authentication_service:3.3.2
Apereo » Central Authentication Service » Version: 3.3.3

cpe:2.3:a:apereo:central_authentication_service:3.3.3
Apereo » Central Authentication Service » Version: 3.3.4

cpe:2.3:a:apereo:central_authentication_service:3.3.4
Apereo » Central Authentication Service » Version: 3.3.5

cpe:2.3:a:apereo:central_authentication_service:3.3.5
Apereo » Central Authentication Service » Version: 3.3.5.1

cpe:2.3:a:apereo:central_authentication_service:3.3.5.1
Apereo » Central Authentication Service » Version: 3.4.0

cpe:2.3:a:apereo:central_authentication_service:3.4.0
Apereo » Central Authentication Service » Version: 3.4.1

cpe:2.3:a:apereo:central_authentication_service:3.4.1
Apereo » Central Authentication Service » Version: 3.4.10

cpe:2.3:a:apereo:central_authentication_service:3.4.10
Apereo » Central Authentication Service » Version: 3.4.11

cpe:2.3:a:apereo:central_authentication_service:3.4.11
Apereo » Central Authentication Service » Version: 3.4.12

cpe:2.3:a:apereo:central_authentication_service:3.4.12
Apereo » Central Authentication Service » Version: 3.4.12.1

cpe:2.3:a:apereo:central_authentication_service:3.4.12.1
Apereo » Central Authentication Service » Version: 3.4.2

cpe:2.3:a:apereo:central_authentication_service:3.4.2
Apereo » Central Authentication Service » Version: 3.4.2.1

cpe:2.3:a:apereo:central_authentication_service:3.4.2.1
Apereo » Central Authentication Service » Version: 3.4.3

cpe:2.3:a:apereo:central_authentication_service:3.4.3
Apereo » Central Authentication Service » Version: 3.4.3.1

cpe:2.3:a:apereo:central_authentication_service:3.4.3.1
Apereo » Central Authentication Service » Version: 3.4.4

cpe:2.3:a:apereo:central_authentication_service:3.4.4
Apereo » Central Authentication Service » Version: 3.4.5

cpe:2.3:a:apereo:central_authentication_service:3.4.5
Apereo » Central Authentication Service » Version: 3.4.6

cpe:2.3:a:apereo:central_authentication_service:3.4.6
Apereo » Central Authentication Service » Version: 3.4.7

cpe:2.3:a:apereo:central_authentication_service:3.4.7
Apereo » Central Authentication Service » Version: 3.4.8

cpe:2.3:a:apereo:central_authentication_service:3.4.8
Apereo » Central Authentication Service » Version: 3.4.9

cpe:2.3:a:apereo:central_authentication_service:3.4.9
Apereo » Central Authentication Service » Version: 3.5.0

cpe:2.3:a:apereo:central_authentication_service:3.5.0
Apereo » Central Authentication Service » Version: 3.5.1

cpe:2.3:a:apereo:central_authentication_service:3.5.1
Apereo » Central Authentication Service » Version: 3.5.2

cpe:2.3:a:apereo:central_authentication_service:3.5.2
Apereo » Central Authentication Service » Version: 3.5.2-cas-1181

cpe:2.3:a:apereo:central_authentication_service:3.5.2-cas-1181
Apereo » Central Authentication Service » Version: 3.5.2.1

cpe:2.3:a:apereo:central_authentication_service:3.5.2.1
Apereo » Central Authentication Service » Version: 3.5.3

cpe:2.3:a:apereo:central_authentication_service:3.5.3
Apereo » Central Authentication Service » Version: 3.6.0

cpe:2.3:a:apereo:central_authentication_service:3.6.0
Apereo » Central Authentication Service » Version: 4.0.0

cpe:2.3:a:apereo:central_authentication_service:4.0.0
Apereo » Central Authentication Service » Version: 4.0.1

cpe:2.3:a:apereo:central_authentication_service:4.0.1
Apereo » Central Authentication Service » Version: 4.0.2

cpe:2.3:a:apereo:central_authentication_service:4.0.2
Apereo » Central Authentication Service » Version: 4.0.3

cpe:2.3:a:apereo:central_authentication_service:4.0.3
Apereo » Central Authentication Service » Version: 4.0.4

cpe:2.3:a:apereo:central_authentication_service:4.0.4
Apereo » Central Authentication Service » Version: 4.0.5

cpe:2.3:a:apereo:central_authentication_service:4.0.5
Apereo » Central Authentication Service » Version: 4.0.6

cpe:2.3:a:apereo:central_authentication_service:4.0.6
Apereo » Central Authentication Service » Version: 4.0.7

cpe:2.3:a:apereo:central_authentication_service:4.0.7
Apereo » Central Authentication Service » Version: 4.1.0

cpe:2.3:a:apereo:central_authentication_service:4.1.0
Apereo » Central Authentication Service » Version: 4.1.1

cpe:2.3:a:apereo:central_authentication_service:4.1.1
Apereo » Central Authentication Service » Version: 4.1.10

cpe:2.3:a:apereo:central_authentication_service:4.1.10
Apereo » Central Authentication Service » Version: 4.1.2

cpe:2.3:a:apereo:central_authentication_service:4.1.2
Apereo » Central Authentication Service » Version: 4.1.3

cpe:2.3:a:apereo:central_authentication_service:4.1.3
Apereo » Central Authentication Service » Version: 4.1.4

cpe:2.3:a:apereo:central_authentication_service:4.1.4
Apereo » Central Authentication Service » Version: 4.1.5

cpe:2.3:a:apereo:central_authentication_service:4.1.5
Apereo » Central Authentication Service » Version: 4.1.6

cpe:2.3:a:apereo:central_authentication_service:4.1.6
Apereo » Central Authentication Service » Version: 4.1.7

cpe:2.3:a:apereo:central_authentication_service:4.1.7
Apereo » Central Authentication Service » Version: 4.1.8

cpe:2.3:a:apereo:central_authentication_service:4.1.8
Apereo » Central Authentication Service » Version: 4.1.9

cpe:2.3:a:apereo:central_authentication_service:4.1.9
Apereo » Central Authentication Service » Version: 4.2.0

cpe:2.3:a:apereo:central_authentication_service:4.2.0
Apereo » Central Authentication Service » Version: 4.2.1

cpe:2.3:a:apereo:central_authentication_service:4.2.1
Apereo » Central Authentication Service » Version: 4.2.2

cpe:2.3:a:apereo:central_authentication_service:4.2.2
Apereo » Central Authentication Service » Version: 4.2.3

cpe:2.3:a:apereo:central_authentication_service:4.2.3
Apereo » Central Authentication Service » Version: 4.2.4

cpe:2.3:a:apereo:central_authentication_service:4.2.4
Apereo » Central Authentication Service » Version: 4.2.5

cpe:2.3:a:apereo:central_authentication_service:4.2.5
Apereo » Central Authentication Service » Version: 4.2.6

cpe:2.3:a:apereo:central_authentication_service:4.2.6
Apereo » Central Authentication Service » Version: 4.2.7

cpe:2.3:a:apereo:central_authentication_service:4.2.7
Apereo » Central Authentication Service » Version: 5.0.0

cpe:2.3:a:apereo:central_authentication_service:5.0.0
Apereo » Central Authentication Service » Version: 5.0.1

cpe:2.3:a:apereo:central_authentication_service:5.0.1
Apereo » Central Authentication Service » Version: 5.0.10

cpe:2.3:a:apereo:central_authentication_service:5.0.10
Apereo » Central Authentication Service » Version: 5.0.2

cpe:2.3:a:apereo:central_authentication_service:5.0.2
Apereo » Central Authentication Service » Version: 5.0.3

cpe:2.3:a:apereo:central_authentication_service:5.0.3
Apereo » Central Authentication Service » Version: 5.0.3.1

cpe:2.3:a:apereo:central_authentication_service:5.0.3.1
Apereo » Central Authentication Service » Version: 5.0.4

cpe:2.3:a:apereo:central_authentication_service:5.0.4
Apereo » Central Authentication Service » Version: 5.0.5

cpe:2.3:a:apereo:central_authentication_service:5.0.5
Apereo » Central Authentication Service » Version: 5.0.6

cpe:2.3:a:apereo:central_authentication_service:5.0.6
Apereo » Central Authentication Service » Version: 5.0.7

cpe:2.3:a:apereo:central_authentication_service:5.0.7
Apereo » Central Authentication Service » Version: 5.0.8

cpe:2.3:a:apereo:central_authentication_service:5.0.8
Apereo » Central Authentication Service » Version: 5.0.9

cpe:2.3:a:apereo:central_authentication_service:5.0.9
Apereo » Central Authentication Service » Version: 5.1.0

cpe:2.3:a:apereo:central_authentication_service:5.1.0
Apereo » Central Authentication Service » Version: 5.1.1

cpe:2.3:a:apereo:central_authentication_service:5.1.1
Apereo » Central Authentication Service » Version: 5.1.2

cpe:2.3:a:apereo:central_authentication_service:5.1.2
Apereo » Central Authentication Service » Version: 5.1.3

cpe:2.3:a:apereo:central_authentication_service:5.1.3
Apereo » Central Authentication Service » Version: 5.1.4

cpe:2.3:a:apereo:central_authentication_service:5.1.4
Apereo » Central Authentication Service » Version: 5.1.5

cpe:2.3:a:apereo:central_authentication_service:5.1.5
Apereo » Central Authentication Service » Version: 5.1.6

cpe:2.3:a:apereo:central_authentication_service:5.1.6
Apereo » Central Authentication Service » Version: 5.1.7

cpe:2.3:a:apereo:central_authentication_service:5.1.7
Apereo » Central Authentication Service » Version: 5.1.8

cpe:2.3:a:apereo:central_authentication_service:5.1.8
Apereo » Central Authentication Service » Version: 5.1.9

cpe:2.3:a:apereo:central_authentication_service:5.1.9
Apereo » Central Authentication Service » Version: 5.2.0

cpe:2.3:a:apereo:central_authentication_service:5.2.0
Apereo » Central Authentication Service » Version: 5.2.1

cpe:2.3:a:apereo:central_authentication_service:5.2.1
Apereo » Central Authentication Service » Version: 5.2.2

cpe:2.3:a:apereo:central_authentication_service:5.2.2
Apereo » Central Authentication Service » Version: 5.2.3

cpe:2.3:a:apereo:central_authentication_service:5.2.3
Apereo » Central Authentication Service » Version: 5.2.4

cpe:2.3:a:apereo:central_authentication_service:5.2.4
Apereo » Central Authentication Service » Version: 5.2.5

cpe:2.3:a:apereo:central_authentication_service:5.2.5
Apereo » Central Authentication Service » Version: 5.2.6

cpe:2.3:a:apereo:central_authentication_service:5.2.6
Apereo » Central Authentication Service » Version: 5.2.7

cpe:2.3:a:apereo:central_authentication_service:5.2.7
Apereo » Central Authentication Service » Version: 5.2.8

cpe:2.3:a:apereo:central_authentication_service:5.2.8
Apereo » Central Authentication Service » Version: 5.2.9

cpe:2.3:a:apereo:central_authentication_service:5.2.9
Apereo » Central Authentication Service » Version: 5.3.0

cpe:2.3:a:apereo:central_authentication_service:5.3.0
Apereo » Central Authentication Service » Version: 5.3.1

cpe:2.3:a:apereo:central_authentication_service:5.3.1
Apereo » Central Authentication Service » Version: 5.3.10

cpe:2.3:a:apereo:central_authentication_service:5.3.10
Apereo » Central Authentication Service » Version: 5.3.11

cpe:2.3:a:apereo:central_authentication_service:5.3.11
Apereo » Central Authentication Service » Version: 5.3.12

cpe:2.3:a:apereo:central_authentication_service:5.3.12
Apereo » Central Authentication Service » Version: 5.3.12.1

cpe:2.3:a:apereo:central_authentication_service:5.3.12.1
Apereo » Central Authentication Service » Version: 5.3.14

cpe:2.3:a:apereo:central_authentication_service:5.3.14
Apereo » Central Authentication Service » Version: 5.3.15

cpe:2.3:a:apereo:central_authentication_service:5.3.15
Apereo » Central Authentication Service » Version: 5.3.15.1

cpe:2.3:a:apereo:central_authentication_service:5.3.15.1
Apereo » Central Authentication Service » Version: 5.3.16

cpe:2.3:a:apereo:central_authentication_service:5.3.16
Apereo » Central Authentication Service » Version: 5.3.2

cpe:2.3:a:apereo:central_authentication_service:5.3.2
Apereo » Central Authentication Service » Version: 5.3.3

cpe:2.3:a:apereo:central_authentication_service:5.3.3
Apereo » Central Authentication Service » Version: 5.3.4

cpe:2.3:a:apereo:central_authentication_service:5.3.4
Apereo » Central Authentication Service » Version: 5.3.5

cpe:2.3:a:apereo:central_authentication_service:5.3.5
Apereo » Central Authentication Service » Version: 5.3.6

cpe:2.3:a:apereo:central_authentication_service:5.3.6
Apereo » Central Authentication Service » Version: 5.3.7

cpe:2.3:a:apereo:central_authentication_service:5.3.7
Apereo » Central Authentication Service » Version: 5.3.8

cpe:2.3:a:apereo:central_authentication_service:5.3.8
Apereo » Central Authentication Service » Version: 5.3.9

cpe:2.3:a:apereo:central_authentication_service:5.3.9
Apereo » Central Authentication Service » Version: 6.0.0

cpe:2.3:a:apereo:central_authentication_service:6.0.0
Apereo » Central Authentication Service » Version: 6.0.1

cpe:2.3:a:apereo:central_authentication_service:6.0.1
Apereo » Central Authentication Service » Version: 6.0.2

cpe:2.3:a:apereo:central_authentication_service:6.0.2
Apereo » Central Authentication Service » Version: 6.0.3

cpe:2.3:a:apereo:central_authentication_service:6.0.3
Apereo » Central Authentication Service » Version: 6.0.4

cpe:2.3:a:apereo:central_authentication_service:6.0.4
Apereo » Central Authentication Service » Version: 6.0.5

cpe:2.3:a:apereo:central_authentication_service:6.0.5
Apereo » Central Authentication Service » Version: 6.0.5.1

cpe:2.3:a:apereo:central_authentication_service:6.0.5.1
Apereo » Central Authentication Service » Version: 6.1.0

cpe:2.3:a:apereo:central_authentication_service:6.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-10754

Products

Pricing

Contact Us