VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-8j2r-kwyt-5bfw

Essentials
Severities (31)
References (21)
Severity details (27)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-8j2r-kwyt-5bfw
Aliases	CVE-2014-4172 GHSA-9fc5-q25c-r2wr
Summary
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	9.8	http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html
generic_textual	CRITICAL	http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html
epss	0.12676	https://api.first.org/data/v1/epss?cve=CVE-2014-4172
epss	0.12676	https://api.first.org/data/v1/epss?cve=CVE-2014-4172
epss	0.12676	https://api.first.org/data/v1/epss?cve=CVE-2014-4172
epss	0.12676	https://api.first.org/data/v1/epss?cve=CVE-2014-4172
cvssv3.1	9.8	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718
generic_textual	CRITICAL	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718
cvssv3.1	9.8	https://bugzilla.redhat.com/show_bug.cgi?id=1131350
generic_textual	CRITICAL	https://bugzilla.redhat.com/show_bug.cgi?id=1131350
cvssv3.1	9.8	https://exchange.xforce.ibmcloud.com/vulnerabilities/95673
generic_textual	CRITICAL	https://exchange.xforce.ibmcloud.com/vulnerabilities/95673
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-9fc5-q25c-r2wr
cvssv3.1	9.8	https://github.com/apereo/java-cas-client/commit/266eba7c2d870d70caba6f41576d19f2fcc869b1
generic_textual	CRITICAL	https://github.com/apereo/java-cas-client/commit/266eba7c2d870d70caba6f41576d19f2fcc869b1
cvssv3.1	9.8	https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d
generic_textual	CRITICAL	https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d
cvssv3.1	9.8	https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814
generic_textual	CRITICAL	https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814
cvssv3.1	9.8	https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog
generic_textual	CRITICAL	https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog
cvssv3.1	9.8	https://github.com/Jasig/phpCAS/pull/125
generic_textual	CRITICAL	https://github.com/Jasig/phpCAS/pull/125
cvssv3.1	9.8	https://issues.jasig.org/browse/CASC-228
generic_textual	CRITICAL	https://issues.jasig.org/browse/CASC-228
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2014-4172
generic_textual	CRITICAL	https://nvd.nist.gov/vuln/detail/CVE-2014-4172
cvssv3.1	9.8	https://www.debian.org/security/2014/dsa-3017.en.html
generic_textual	CRITICAL	https://www.debian.org/security/2014/dsa-3017.en.html
cvssv3.1	9.8	https://www.mail-archive.com/cas-user@lists.jasig.org/msg17338.html
generic_textual	CRITICAL	https://www.mail-archive.com/cas-user@lists.jasig.org/msg17338.html

Reference id	Reference type	URL
		http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4172.json
		https://api.first.org/data/v1/epss?cve=CVE-2014-4172
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4172
		https://exchange.xforce.ibmcloud.com/vulnerabilities/95673
		https://github.com/apereo/java-cas-client/commit/266eba7c2d870d70caba6f41576d19f2fcc869b1
		https://github.com/apereo/java-cas-client/commit/ab6cbdc3daa451b4fef89c0bd0f4e6568f3aa9ef
		https://github.com/apereo/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814
		https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d
		https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814
		https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog
		https://github.com/Jasig/phpCAS/pull/125
		https://issues.jasig.org/browse/CASC-228
		https://nvd.nist.gov/vuln/detail/CVE-2014-4172
		https://www.debian.org/security/2014/dsa-3017.en.html
		https://www.mail-archive.com/cas-user@lists.jasig.org/msg17338.html
1131350		https://bugzilla.redhat.com/show_bug.cgi?id=1131350
759718		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718
CVE-2014-4172		https://bugzilla.redhat.com/CVE-2014-4172
GHSA-9fc5-q25c-r2wr		https://github.com/advisories/GHSA-9fc5-q25c-r2wr
RHSA-2015:1009		https://access.redhat.com/errata/RHSA-2015:1009

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=1131350

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://exchange.xforce.ibmcloud.com/vulnerabilities/95673

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/apereo/java-cas-client/commit/266eba7c2d870d70caba6f41576d19f2fcc869b1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/Jasig/phpCAS/pull/125

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://issues.jasig.org/browse/CASC-228

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2014-4172

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2014/dsa-3017.en.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mail-archive.com/cas-user@lists.jasig.org/msg17338.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.9414
EPSS Score	0.12676
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-10T18:20:06.322900+00:00	ProjectKB MSRImporter	Import	https://raw.githubusercontent.com/SAP/project-kb/master/MSR2019/dataset/vulas_db_msr2019_release.csv	38.6.0