← volver
CVE-2019-10754

CVE-2019-10754

EPSS 1.8%
Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong.
Productos afectados
n/a · Apereo CAS

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-467402https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-467404https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-467406https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-468868https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-468869