Arthur Souza

**Name of the Vulnerable Software and Affected Versions** Apereo CAS version 6.6 **Description** A vulnerability has been found in Apereo CAS, affecting an unknown functionality of the file /login. The manipulation of the `redirect uri` argument leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For Apereo CAS version 6.6, update to the latest release to mitigate risks. Apply the latest patches and review security configurations to ensure the system is secure. As a temporary workaround, consider restricting access to the /login file until a patch is available. Avoid using the `redirect uri` argument in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Apereo CAS version 6.6 **Description** A vulnerability was found in Apereo CAS, affecting some unknown functionality of the file /login?service, leading to session expiration. The attack may be launched remotely, with a rather high complexity and difficult exploitation. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For Apereo CAS version 6.6, update to the latest release to mitigate risks. As a temporary workaround, consider restricting access to the /login?service file until a patch is available. Additionally, applying the latest patches and reviewing security configurations can help remediate the issue.

**Name of the Vulnerable Software and Affected Versions** Apereo CAS version 6.6 **Description** A critical issue affects the 2FA component of Apereo CAS, specifically an unknown part of the file `/login?service`. This leads to improper authentication and can be initiated remotely. The exploit has been disclosed publicly, and the vendor was contacted but did not respond. **Recommendations** For Apereo CAS version 6.6, update to the latest patch to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to the `/login?service` file of the 2FA component until a patch is available.

Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions 4.15.1.0 through 4.18.2.3 Apache CloudStack versions 4.19.0.0 through 4.19.1.1 Description: The logout operation in the CloudStack web interface does not expire the user session completely, which remains valid until expiry by time or restart of the backend service. An attacker with access to a user's browser can use an unexpired session to gain access to resources owned by the logged out user account. Recommendations: For Apache CloudStack versions 4.15.1.0 through 4.18.2.3, upgrade to Apache CloudStack 4.18.2.4 or later. For Apache CloudStack versions 4.19.0.0 through 4.19.1.1, upgrade to Apache CloudStack 4.19.1.2 or later.

Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions 4.15.1.0 through 4.18.2.3 Apache CloudStack versions 4.19.0.0 through 4.19.1.1 Description: The issue allows attackers to trick users logged into the Apache CloudStack's web interface into submitting malicious CSRF requests due to missing validation of the origin of the requests. This can lead to account takeover, disruption, exposure of sensitive data, and compromise of the integrity of resources owned by the user account managed by the platform. Recommendations: For Apache CloudStack versions 4.15.1.0 through 4.18.2.3, upgrade to Apache CloudStack 4.18.2.4 or later. For Apache CloudStack versions 4.19.0.0 through 4.19.1.1, upgrade to Apache CloudStack 4.19.1.2 or later. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.