First published: Tue Dec 07 2021
Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apereo Central Authentication Service | >=6.3.0, <6.3.7.1 | |
Apereo Central Authentication Service | >=6.4.0, <6.4.2 | |
CVE-2021-42567 is a vulnerability in Apereo CAS that allows XSS via POST requests sent to the REST API endpoints.
CVE-2021-42567 has a severity rating of medium.
Apereo CAS versions from 6.3.0 up to, but not including, 6.3.7.1 and versions from 6.4.0 up to, but not including, 6.4.2 are affected by CVE-2021-42567.
An attacker can exploit CVE-2021-42567 by sending malicious POST requests to the REST API endpoints.
A fix for CVE-2021-42567 is available in the latest release of Apereo CAS. It is recommended to update to the latest version to mitigate this vulnerability.