{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-11207","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-11-14T06:53:11.652Z","datePublished":"2024-11-14T12:31:04.225Z","dateUpdated":"2024-11-14T19:32:28.671Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-11-14T12:31:04.225Z"},"title":"Apereo CAS login redirect","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-601","lang":"en","description":"Open Redirect"}]}],"affected":[{"vendor":"Apereo","product":"CAS","versions":[{"version":"6.6","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login. The manipulation of the argument redirect_uri leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"de","value":"In Apereo CAS 6.6 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalität der Datei /login. Mittels Manipulieren des Arguments redirect_uri mit unbekannten Daten kann eine open redirect-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":4.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":4.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":4,"vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N"}}],"timeline":[{"time":"2024-11-14T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-11-14T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-11-14T07:58:24.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"Arthur Souza (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.284521","name":"VDB-284521 | Apereo CAS login redirect","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.284521","name":"VDB-284521 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.437207","name":"Submit #437207 | Apereo CAS 6.6 Open Redirect","tags":["third-party-advisory"]},{"url":"https://gist.github.com/0xArthurSouza/68295d8fa20f18161945260fcdf842a2","tags":["exploit"]}]},"adp":[{"affected":[{"vendor":"apereo","product":"cas","cpes":["cpe:2.3:a:apereo:cas:6.6:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"6.6","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-14T18:46:20.660109Z","id":"CVE-2024-11207","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-14T19:32:28.671Z"}}]}}