VYPR
High severity · NVD Advisory · Published Sep 23, 2019 · Updated Aug 4, 2024

CVE-2019-10754

Description

Multiple classes used within Apereo CAS before release 6.1.0-RC5 make use of Apache commons-lang3 RandomStringUtils for token and ID generation, which makes the generated values predictable because the PRNG algorithm used by RandomStringUtils is not cryptographically strong.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package (Maven) | Affected versions | Patched versions |
| --- | --- | --- |
| org.apereo.cas:cas-server-support-simple-mfa | < 6.1.0-RC5 | 6.1.0-RC5 |
| org.apereo.cas:cas-server-support-oidc | < 6.1.0-RC5 | 6.1.0-RC5 |
| org.apereo.cas:cas-server-core-services-api | < 6.1.0-RC5 | 6.1.0-RC5 |
| org.apereo.cas:cas-server-support-oauth-core-api | < 6.1.0-RC5 | 6.1.0-RC5 |
| org.apereo.cas:cas-server-support-shell | < 6.1.0-RC5 | 6.1.0-RC5 |
| org.apereo.cas:cas-server-core-services-authentication | < 6.1.0-RC5 | 6.1.0-RC5 |
