Vulnerabilities (CVE)

Filtered by vendor Apereo Subscribe
Filtered by product Cas Server
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-2296 1 Apereo 1 Cas Server 2024-11-21 6.8 MEDIUM 8.8 HIGH
XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data.