CVE-2024-11207 - Vulnerability Details

Vendors	Products
Apereo	Cas

Link	Providers
https://gist.github.com/0xArthurSouza/68295d8fa20f18161945260fcdf842a2
https://vuldb.com/?ctiid.284521
https://vuldb.com/?id.284521
https://vuldb.com/?submit.437207

Type	Values Removed	Values Added
First Time appeared		Apereo Apereo cas
CPEs		cpe:2.3:a:apereo:cas:6.6:::::::*
Vendors & Products		Apereo Apereo cas
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Description		A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login. The manipulation of the argument redirect_uri leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title		Apereo CAS login redirect
Weaknesses		CWE-601
References		https://gist.github.com/0xArthurSouza/68295d8fa20f18161945260fcdf842a2 https://vuldb.com/?ctiid.284521 https://vuldb.com/?id.284521 https://vuldb.com/?submit.437207
Metrics		cvssV2_0 `{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:N'}` cvssV3_0 `{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}` cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11207", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-11-14T06:53:11.652Z", "datePublished": "2024-11-14T12:31:04.225Z", "dateUpdated": "2024-11-14T19:32:28.671Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-11-14T12:31:04.225Z"}, "title": "Apereo CAS login redirect", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-601", "lang": "en", "description": "Open Redirect"}]}], "affected": [{"vendor": "Apereo", "product": "CAS", "versions": [{"version": "6.6", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login. The manipulation of the argument redirect_uri leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In Apereo CAS 6.6 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /login. Mittels Manipulieren des Arguments redirect_uri mit unbekannten Daten kann eine open redirect-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "timeline": [{"time": "2024-11-14T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-11-14T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-11-14T07:58:24.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Arthur Souza (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.284521", "name": "VDB-284521 | Apereo CAS login redirect", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.284521", "name": "VDB-284521 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.437207", "name": "Submit #437207 | Apereo CAS 6.6 Open Redirect", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/0xArthurSouza/68295d8fa20f18161945260fcdf842a2", "tags": ["exploit"]}]}, "adp": [{"affected": [{"vendor": "apereo", "product": "cas", "cpes": ["cpe:2.3:a:apereo:cas:6.6:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.6", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-14T18:46:20.660109Z", "id": "CVE-2024-11207", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T19:32:28.671Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2024-11207 (string)

assignerOrgId : 1af790b2-7ee1-4545-860a-a788eba489b5 (string)

state : PUBLISHED (string)

assignerShortName : VulDB (string)

dateReserved : 2024-11-14T06:53:11.652Z (string)

datePublished : 2024-11-14T12:31:04.225Z (string)

dateUpdated : 2024-11-14T19:32:28.671Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 1af790b2-7ee1-4545-860a-a788eba489b5 (string)

shortName : VulDB (string)

dateUpdated : 2024-11-14T12:31:04.225Z (string)

}

title : Apereo CAS login redirect (string)

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : CWE (string)

cweId : CWE-601 (string)

lang : en (string)

description : Open Redirect (string)

}

]

}

]

affected : [ »

0 : { »

vendor : Apereo (string)

product : CAS (string)

versions : [ »

0 : { »

version : 6.6 (string)

status : affected (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login. The manipulation of the argument redirect_uri leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. (string)

}

1 : { »

lang : de (string)

value : In Apereo CAS 6.6 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalität der Datei /login. Mittels Manipulieren des Arguments redirect_uri mit unbekannten Daten kann eine open redirect-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung. (string)

}

]

metrics : [ »

0 : { »

cvssV4_0 : { »

version : 4.0 (string)

baseScore : 5.3 (number)

vectorString : CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N (string)

baseSeverity : MEDIUM (string)

}

1 : { »

cvssV3_1 : { »

version : 3.1 (string)

baseScore : 4.3 (number)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N (string)

baseSeverity : MEDIUM (string)

}

2 : { »

cvssV3_0 : { »

version : 3.0 (string)

baseScore : 4.3 (number)

vectorString : CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N (string)

baseSeverity : MEDIUM (string)

}

3 : { »

cvssV2_0 : { »

version : 2.0 (string)

baseScore : 4 (number)

vectorString : AV:N/AC:L/Au:S/C:N/I:P/A:N (string)

}

]

timeline : [ »

0 : { »

time : 2024-11-14T00:00:00.000Z (string)

lang : en (string)

value : Advisory disclosed (string)

}

1 : { »

time : 2024-11-14T01:00:00.000Z (string)

lang : en (string)

value : VulDB entry created (string)

}

2 : { »

time : 2024-11-14T07:58:24.000Z (string)

lang : en (string)

value : VulDB entry last update (string)

}

]

credits : [ »

0 : { »

lang : en (string)

value : Arthur Souza (VulDB User) (string)

type : reporter (string)

}

]

references : [ »

0 : { »

url : https://vuldb.com/?id.284521 (string)

name : VDB-284521 | Apereo CAS login redirect (string)

tags : [ »

0 : vdb-entry (string)

1 : technical-description (string)

]

}

1 : { »

url : https://vuldb.com/?ctiid.284521 (string)

name : VDB-284521 | CTI Indicators (IOB, IOC, TTP, IOA) (string)

tags : [ »

0 : signature (string)

1 : permissions-required (string)

]

}

2 : { »

url : https://vuldb.com/?submit.437207 (string)

name : Submit #437207 | Apereo CAS 6.6 Open Redirect (string)

tags : [ »

0 : third-party-advisory (string)

]

}

3 : { »

url : https://gist.github.com/0xArthurSouza/68295d8fa20f18161945260fcdf842a2 (string)

tags : [ »

0 : exploit (string)

]

}

]

}

adp : [ »

0 : { »

affected : [ »

0 : { »

vendor : apereo (string)

product : cas (string)

cpes : [ »

0 : cpe:2.3:a:apereo:cas:6.6:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 6.6 (string)

status : affected (string)

}

]

}

]

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-11-14T18:46:20.660109Z (string)

id : CVE-2024-11207 (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-11-14T19:32:28.671Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-11207", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-14T18:46:20.660109Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:apereo:cas:6.6:*:*:*:*:*:*:*"], "vendor": "apereo", "product": "cas", "versions": [{"status": "affected", "version": "6.6"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T19:06:08.489Z"}}], "cna": {"title": "Apereo CAS login redirect", "credits": [{"lang": "en", "type": "reporter", "value": "Arthur Souza (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "affected": [{"vendor": "Apereo", "product": "CAS", "versions": [{"status": "affected", "version": "6.6"}]}], "timeline": [{"lang": "en", "time": "2024-11-14T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-11-14T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-11-14T07:58:24.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.284521", "name": "VDB-284521 | Apereo CAS login redirect", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.284521", "name": "VDB-284521 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.437207", "name": "Submit #437207 | Apereo CAS 6.6 Open Redirect", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/0xArthurSouza/68295d8fa20f18161945260fcdf842a2", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login. The manipulation of the argument redirect_uri leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In Apereo CAS 6.6 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /login. Mittels Manipulieren des Arguments redirect_uri mit unbekannten Daten kann eine open redirect-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "Open Redirect"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-11-14T12:31:04.225Z"}}}, "cveMetadata": {"cveId": "CVE-2024-11207", "state": "PUBLISHED", "dateUpdated": "2024-11-14T19:32:28.671Z", "dateReserved": "2024-11-14T06:53:11.652Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-11-14T12:31:04.225Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2024-11207 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-11-14T18:46:20.660109Z (string)

}

]

affected : [ »

0 : { »

cpes : [ »

0 : cpe:2.3:a:apereo:cas:6.6:*:*:*:*:*:*:* (string)

]

vendor : apereo (string)

product : cas (string)

versions : [ »

0 : { »

status : affected (string)

version : 6.6 (string)

}

]

defaultStatus : unknown (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-11-14T19:06:08.489Z (string)

}

]

cna : { »

title : Apereo CAS login redirect (string)

credits : [ »

0 : { »

lang : en (string)

type : reporter (string)

value : Arthur Souza (VulDB User) (string)

}

]

metrics : [ »

0 : { »

cvssV4_0 : { »

version : 4.0 (string)

baseScore : 5.3 (number)

baseSeverity : MEDIUM (string)

vectorString : CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N (string)

}

1 : { »

cvssV3_1 : { »

version : 3.1 (string)

baseScore : 4.3 (number)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N (string)

}

2 : { »

cvssV3_0 : { »

version : 3.0 (string)

baseScore : 4.3 (number)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N (string)

}

3 : { »

cvssV2_0 : { »

version : 2.0 (string)

baseScore : 4 (number)

vectorString : AV:N/AC:L/Au:S/C:N/I:P/A:N (string)

}

]

affected : [ »

0 : { »

vendor : Apereo (string)

product : CAS (string)

versions : [ »

0 : { »

status : affected (string)

version : 6.6 (string)

}

]

}

]

timeline : [ »

0 : { »

lang : en (string)

time : 2024-11-14T00:00:00.000Z (string)

value : Advisory disclosed (string)

}

1 : { »

lang : en (string)

time : 2024-11-14T01:00:00.000Z (string)

value : VulDB entry created (string)

}

2 : { »

lang : en (string)

time : 2024-11-14T07:58:24.000Z (string)

value : VulDB entry last update (string)

}

]

references : [ »

0 : { »

url : https://vuldb.com/?id.284521 (string)

name : VDB-284521 | Apereo CAS login redirect (string)

tags : [ »

0 : vdb-entry (string)

1 : technical-description (string)

]

}

1 : { »

url : https://vuldb.com/?ctiid.284521 (string)

name : VDB-284521 | CTI Indicators (IOB, IOC, TTP, IOA) (string)

tags : [ »

0 : signature (string)

1 : permissions-required (string)

]

}

2 : { »

url : https://vuldb.com/?submit.437207 (string)

name : Submit #437207 | Apereo CAS 6.6 Open Redirect (string)

tags : [ »

0 : third-party-advisory (string)

]

}

3 : { »

url : https://gist.github.com/0xArthurSouza/68295d8fa20f18161945260fcdf842a2 (string)

tags : [ »

0 : exploit (string)

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login. The manipulation of the argument redirect_uri leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. (string)

}

1 : { »

lang : de (string)

value : In Apereo CAS 6.6 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalität der Datei /login. Mittels Manipulieren des Arguments redirect_uri mit unbekannten Daten kann eine open redirect-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-601 (string)

description : Open Redirect (string)

}

]

}

]

providerMetadata : { »

orgId : 1af790b2-7ee1-4545-860a-a788eba489b5 (string)

shortName : VulDB (string)

dateUpdated : 2024-11-14T12:31:04.225Z (string)

}

cveMetadata : { »

cveId : CVE-2024-11207 (string)

state : PUBLISHED (string)

dateUpdated : 2024-11-14T19:32:28.671Z (string)

dateReserved : 2024-11-14T06:53:11.652Z (string)

assignerOrgId : 1af790b2-7ee1-4545-860a-a788eba489b5 (string)

datePublished : 2024-11-14T12:31:04.225Z (string)

assignerShortName : VulDB (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login. The manipulation of the argument redirect_uri leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en Apereo CAS 6.6 y se ha clasificado como problem\u00e1tica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /login. La manipulaci\u00f3n del argumento redirect_uri provoca una redirecci\u00f3n abierta. El ataque se puede ejecutar de forma remota. El exploit se ha divulgado al p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2024-11207", "lastModified": "2024-11-15T13:58:08.913", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "LOW"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-11-14T13:15:04.603", "references": [{"source": "cna@vuldb.com", "url": "https://gist.github.com/0xArthurSouza/68295d8fa20f18161945260fcdf842a2"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.284521"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.284521"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.437207"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login. The manipulation of the argument redirect_uri leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. (string)

}

1 : { »

lang : es (string)

value : Se ha encontrado una vulnerabilidad en Apereo CAS 6.6 y se ha clasificado como problemática. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /login. La manipulación del argumento redirect_uri provoca una redirección abierta. El ataque se puede ejecutar de forma remota. El exploit se ha divulgado al público y puede utilizarse. Se contactó al proveedor con anticipación sobre esta divulgación, pero no respondió de ninguna manera. (string)

}

]

id : CVE-2024-11207 (string)

lastModified : 2024-11-15T13:58:08.913 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 4 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:S/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : cna@vuldb.com (string)

type : Secondary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 4.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : LOW (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 1.4 (number)

source : cna@vuldb.com (string)

type : Secondary (string)

}

]

cvssMetricV40 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackRequirements : NONE (string)

attackVector : NETWORK (string)

automatable : NOT_DEFINED (string)

availabilityRequirements : NOT_DEFINED (string)

baseScore : 5.3 (number)

baseSeverity : MEDIUM (string)

confidentialityRequirements : NOT_DEFINED (string)

exploitMaturity : NOT_DEFINED (string)

integrityRequirements : NOT_DEFINED (string)

modifiedAttackComplexity : NOT_DEFINED (string)

modifiedAttackRequirements : NOT_DEFINED (string)

modifiedAttackVector : NOT_DEFINED (string)

modifiedPrivilegesRequired : NOT_DEFINED (string)

modifiedSubsequentSystemAvailability : NOT_DEFINED (string)

modifiedSubsequentSystemConfidentiality : NOT_DEFINED (string)

modifiedSubsequentSystemIntegrity : NOT_DEFINED (string)

modifiedUserInteraction : NOT_DEFINED (string)

modifiedVulnerableSystemAvailability : NOT_DEFINED (string)

modifiedVulnerableSystemConfidentiality : NOT_DEFINED (string)

modifiedVulnerableSystemIntegrity : NOT_DEFINED (string)

privilegesRequired : LOW (string)

providerUrgency : NOT_DEFINED (string)

recovery : NOT_DEFINED (string)

safety : NOT_DEFINED (string)

subsequentSystemAvailability : NONE (string)

subsequentSystemConfidentiality : NONE (string)

subsequentSystemIntegrity : NONE (string)

userInteraction : NONE (string)

valueDensity : NOT_DEFINED (string)

vectorString : CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X (string)

version : 4.0 (string)

vulnerabilityResponseEffort : NOT_DEFINED (string)

vulnerableSystemAvailability : NONE (string)

vulnerableSystemConfidentiality : NONE (string)

vulnerableSystemIntegrity : LOW (string)

}

source : cna@vuldb.com (string)

type : Secondary (string)

}

]

}

published : 2024-11-14T13:15:04.603 (string)

references : [ »

0 : { »

source : cna@vuldb.com (string)

url : https://gist.github.com/0xArthurSouza/68295d8fa20f18161945260fcdf842a2 (string)

}

1 : { »

source : cna@vuldb.com (string)

url : https://vuldb.com/?ctiid.284521 (string)

}

2 : { »

source : cna@vuldb.com (string)

url : https://vuldb.com/?id.284521 (string)

}

3 : { »

source : cna@vuldb.com (string)

url : https://vuldb.com/?submit.437207 (string)

}

]

sourceIdentifier : cna@vuldb.com (string)

vulnStatus : Awaiting Analysis (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-601 (string)

}

]

source : cna@vuldb.com (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object