Banner Student XSS / Information Disclosure / Open Redirect

Banner Student XSS / Information Disclosure / Open Redirect: Posted Dec 3, 2015; Authored by Sean Dillon; Banner Student suffers from cross site scripting, information disclosure, user enumeration, and open redirect vulnerabilities. Versions affected range through 8.5.1.2 to 8.7.; tags | advisory, vulnerability, xss, info disclosure; advisories | CVE-2015-4687, CVE-2015-4688, CVE-2015-4689, CVE-2015-5054; SHA-256 | ac1224d3a2c05dfbbfdcac9ff7ec8f63d106fdc3c9fd7d2a3d28f25b3baf9aac; Download | Favorite | View

Banner Student XSS / Information Disclosure / Open Redirect

Previous CVEs for Banner Student were filed under vendor SunGard. All vulnerabilities are fixed in patch pcr-000134142_bws8070102, in latest version of the product (8.7.1.2) as of November 26, 2015.

-----

Product: Banner Student
Vendor: Ellucian Company L.P.
Vulnerable Version: 8.5.1.2 - 8.7
Tested Version: 8.7
Vendor Notification: June 18, 2015
Public Disclosure: December 2, 2015
Vulnerability Type: URL Redirection to Untrusted Site ('Open Redirect') [CWE-601]
CVE Reference: CVE-2015-5054
Risk Level: Medium
CVSSv2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSSv3 Base Score: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Mitigation: None, Upgrade to 8.7.1.2
Discovered and Provided: RiskSense, Inc.

Advisory Details:

Open Redirect in Ellucian Banner Student: CVE-2015-5054

A user can be redirected to a malicious page when a link is clicked from a crafted URL.

References:

[1] Ellucian Company L.P. - http://www.ellucian.com/
[2] Banner Student - http://www.ellucian.com/Software/Banner-Student/
[3] OWASP A10 - https://www.owasp.org/index.php/Top_10_2013-A10-Unvalidated_Redirects_and_Forwards
[4] CWE-601 - https://cwe.mitre.org/data/definitions/601.html

-----

Product: Banner Student
Vendor: Ellucian Company L.P.
Vulnerable Version: 8.5.1.2
Tested Version: 8.5.1.2
Vendor Notification: June 18, 2015
Public Disclosure: December 2, 2015
Vulnerability Type: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') [CWE-79]
CVE Reference: CVE-2015-4687
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSSv3 Base Score: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Mitigation: None, Upgrade to 8.7.1.2
Discovered and Provided: Ellucian Company L.P.

Advisory Details:

Reflected Cross-Site Scripting (XSS) in Ellucian Banner Student: CVE-2015-4687

Unsanitized data input from application parameters allows an attacker to execute arbitrary JavaScript code using a malicious URL.

References:

[1] Ellucian Company L.P. - http://www.ellucian.com/
[2] Banner Student - http://www.ellucian.com/Software/Banner-Student/
[3] OWASP A3 - https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)
[4] CWE-79 - https://cwe.mitre.org/data/definitions/79.html

-----

Product: Banner Student
Vendor: Ellucian Company L.P.
Vulnerable Version: 8.5.1.2 - 8.7
Tested Version: 8.7
Vendor Notification: June 18, 2015
Public Disclosure: December 2, 2015
Vulnerability Type: Information Exposure Through Discrepancy [CWE-203]
CVE Reference: CVE-2015-4688
Risk Level: Medium
CVSSv2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSSv3 Base Score: 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Mitigation: None, Upgrade to 8.7.1.2
Discovered and Provided: Ellucian Company L.P.

Advisory Details:

User Enumeration in Ellucian Banner Student: CVE-2015-4688

Differences between server responses can be used to brute-force user accounts in the system.

References:

[1] Ellucian Company L.P. - http://www.ellucian.com/
[2] Banner Student - http://www.ellucian.com/Software/Banner-Student/
[3] OWASP A2 - https://www.owasp.org/index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management
[4] CWE-203 - https://cwe.mitre.org/data/definitions/203.html

-----

Product: Banner Student
Vendor: Ellucian Company L.P.
Vulnerable Version: 8.5.1.2 - 8.7
Tested Version: 8.7
Vendor Notification: June 18, 2015
Public Disclosure: December 2, 2015
Vulnerability Type: Weak Password Recovery Mechanism for Forgotten Password [CWE-640]
CVE Reference: CVE-2015-4689
Risk Level: Medium - High
CVSSv2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSSv3 Base Score: 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)
Mitigation: None, Upgrade to 8.7.1.2
Discovered and Provided: Ellucian Company L.P.

Advisory Details:

Weak Password Reset in Ellucian Banner Student: CVE-2015-4689

An attacker is able to change login credentials of users through a weak password reset mechanism.

References:

[1] Ellucian Company L.P. - http://www.ellucian.com/
[2] Banner Student - http://www.ellucian.com/Software/Banner-Student/
[3] OWASP A2 - https://www.owasp.org/index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management
[4] CWE-640 - https://cwe.mitre.org/data/definitions/640.html

-----

RiskSense, Inc. Security Analysts: Dylan Davis, Sean Dillon, Zachary Harding

Top Authors In Last 30 Days

Red Hat 183 files
Ubuntu 59 files
Debian 20 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Google Security Research 6 files
E1.Coders 4 files
Ersin Erenler 4 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,007)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,166)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,459)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,428)
UNIX (9,390)
UnixWare (187)
Windows (6,647)
Other

Banner Student XSS / Information Disclosure / Open Redirect

Banner Student XSS / Information Disclosure / Open Redirect

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Banner Student XSS / Information Disclosure / Open Redirect

Share This

Banner Student XSS / Information Disclosure / Open Redirect

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems