Apereo vulnerabilities

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2021-06-16 | CVE-2021-32623 | XML Entity Expansion vulnerability in Apereo Opencast | Opencast is a free and open source solution for automated video capture and distribution. | network | low | apereo | CWE-776 | 4.0 |
| 2021-02-18 | CVE-2021-21318 | Incorrect Authorization vulnerability in Apereo Opencast | Opencast is a free, open-source platform to support the management of educational audio and video content. | network | low | apereo | CWE-863 | 5.5 |
| 2020-12-08 | CVE-2020-26234 | Origin Validation Error vulnerability in Apereo Opencast | Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Opencast's HTTP requests. | network | high | apereo | CWE-346 | 2.1 |
| 2020-10-16 | CVE-2020-27178 | Improper Authentication vulnerability in Apereo Central Authentication Service | Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication. | network | low | apereo | CWE-287 | 5.0 |
| 2020-01-30 | CVE-2020-5231 | Incorrect Default Permissions vulnerability in Apereo Opencast | In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN. | network | low | apereo | CWE-276 | 4.0 |
| 2020-01-30 | CVE-2020-5206 | Improper Authentication vulnerability in Apereo Opencast | In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper authentication for that user even if the remember-me cookie was incorrect given that the attacked endpoint also allows anonymous access. | network | low | apereo | CWE-287 | 6.4 |
| 2020-01-30 | CVE-2020-5230 | Injection vulnerability in Apereo Opencast | Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. | network | low | apereo | CWE-74 | 5.0 |
| 2020-01-30 | CVE-2020-5222 | Use of Hard-coded Credentials vulnerability in Apereo Opencast | Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. | network | low | apereo | CWE-798 | 6.5 |
| 2020-01-30 | CVE-2020-5229 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Apereo Opencast | Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. | network | low | apereo | CWE-327 | 5.5 |
| 2020-01-30 | CVE-2020-5228 | Missing Authorization vulnerability in Apereo Opencast | Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. | network | low | apereo | CWE-862 | 5.0 |