CVE-2023-4612

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 9, 2023

Updated: Nov 17, 2023

CWE ID 321

CWE ID 325

Summary

CVE-2023-4612 is an Improper Authentication vulnerability affecting Apereo CAS's jakarta.servlet.http.HttpServletRequest.getRemoteAddr method. This issue enables Multi-Factor Authentication bypass, putting versions of CAS up to and including 7.0.0-RC7 at risk. The vendor has not released a patch for this vulnerability, and it is currently unknown if future versions will address the issue. The vendor does not consider it as a vulnerability, leaving affected organizations without a readily available solution.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

NATS Server

Affected Vendors

NatSteel

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tCGFR8
https://www.cve.org/CVERecord?id=CVE-2023-4612
https://nvd.nist.gov/vuln/detail/CVE-2023-4612

Back to Vulnerability Database