High severity8.8NVD Advisory· Published Jul 20, 2018· Updated Jun 17, 2026

CVE-2014-2296

Description

XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Apereo/Casinferred
Range: <3.4.12.1 || >=3.5.0,<3.5.2.1
Jasig/CAS serverllm-create
Range: <3.4.12.1 and <3.5.2.1
Jasig/CASllm-create
Range: <3.4.12.1 and <3.5.2.1

Patches

Vulnerability mechanics

References

jasig.275507.n4.nabble.com/CAS-3-5-2-1-and-3-4-12-1-Security-Releases-td4662444.htmlnvdRelease NotesVendor Advisory
vigilance.fr/vulnerability/Jasig-CAS-Server-bypassing-authentication-via-Google-Accounts-Integration-14512nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000