
Banner Student XSS / Information Disclosure / Open Redirect

Posted Dec 3, 2015
Authored by Sean Dillon

Banner Student suffers from cross site scripting, information disclosure, user enumeration, and open redirect vulnerabilities. Affected versions range from 8.5.1.2 to 8.7.

tags | advisory, vulnerability, xss, info disclosure
advisories | CVE-2015-4687, CVE-2015-4688, CVE-2015-4689, CVE-2015-5054
MD5 | b91400b80b1df8d0a07db08a9a65127a

Previous CVEs for Banner Student were filed under the vendor name SunGard. All vulnerabilities are fixed in patch pcr-000134142_bws8070102, included in the latest version of the product (8.7.1.2) as of November 26, 2015.

-----

Product: Banner Student
Vendor: Ellucian Company L.P.
Vulnerable Version: 8.5.1.2 - 8.7
Tested Version: 8.7
Vendor Notification: June 18, 2015
Public Disclosure: December 2, 2015
Vulnerability Type: URL Redirection to Untrusted Site ('Open Redirect') [CWE-601]
CVE Reference: CVE-2015-5054
Risk Level: Medium
CVSSv2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSSv3 Base Score: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Mitigation: None, Upgrade to 8.7.1.2
Discovered and Provided: RiskSense, Inc.

Advisory Details:

Open Redirect in Ellucian Banner Student: CVE-2015-5054

A user can be redirected to a malicious page when a link is clicked from a crafted URL.

References:

[1] Ellucian Company L.P. - http://www.ellucian.com/
[2] Banner Student - http://www.ellucian.com/Software/Banner-Student/
[3] OWASP A10 - https://www.owasp.org/index.php/Top_10_2013-A10-Unvalidated_Redirects_and_Forwards
[4] CWE-601 - https://cwe.mitre.org/data/definitions/601.html

-----

Product: Banner Student
Vendor: Ellucian Company L.P.
Vulnerable Version: 8.5.1.2
Tested Version: 8.5.1.2
Vendor Notification: June 18, 2015
Public Disclosure: December 2, 2015
Vulnerability Type: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') [CWE-79]
CVE Reference: CVE-2015-4687
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSSv3 Base Score: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Mitigation: None, Upgrade to 8.7.1.2
Discovered and Provided: Ellucian Company L.P.

Advisory Details:

Reflected Cross-Site Scripting (XSS) in Ellucian Banner Student: CVE-2015-4687

Unsanitized data input from application parameters allows an attacker to execute arbitrary JavaScript code using a malicious URL.

References:

[1] Ellucian Company L.P. - http://www.ellucian.com/
[2] Banner Student - http://www.ellucian.com/Software/Banner-Student/
[3] OWASP A3 - https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)
[4] CWE-79 - https://cwe.mitre.org/data/definitions/79.html

-----

Product: Banner Student
Vendor: Ellucian Company L.P.
Vulnerable Version: 8.5.1.2 - 8.7
Tested Version: 8.7
Vendor Notification: June 18, 2015
Public Disclosure: December 2, 2015
Vulnerability Type: Information Exposure Through Discrepancy [CWE-203]
CVE Reference: CVE-2015-4688
Risk Level: Medium
CVSSv2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSSv3 Base Score: 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Mitigation: None, Upgrade to 8.7.1.2
Discovered and Provided: Ellucian Company L.P.

Advisory Details:

User Enumeration in Ellucian Banner Student: CVE-2015-4688

Differences between server responses can be used to brute-force user accounts in the system.

References:

[1] Ellucian Company L.P. - http://www.ellucian.com/
[2] Banner Student - http://www.ellucian.com/Software/Banner-Student/
[3] OWASP A2 - https://www.owasp.org/index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management
[4] CWE-203 - https://cwe.mitre.org/data/definitions/203.html

-----

Product: Banner Student
Vendor: Ellucian Company L.P.
Vulnerable Version: 8.5.1.2 - 8.7
Tested Version: 8.7
Vendor Notification: June 18, 2015
Public Disclosure: December 2, 2015
Vulnerability Type: Weak Password Recovery Mechanism for Forgotten Password [CWE-640]
CVE Reference: CVE-2015-4689
Risk Level: Medium - High
CVSSv2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSSv3 Base Score: 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)
Mitigation: None, Upgrade to 8.7.1.2
Discovered and Provided: Ellucian Company L.P.

Advisory Details:

Weak Password Reset in Ellucian Banner Student: CVE-2015-4689

An attacker is able to change login credentials of users through a weak password reset mechanism.

References:

[1] Ellucian Company L.P. - http://www.ellucian.com/
[2] Banner Student - http://www.ellucian.com/Software/Banner-Student/
[3] OWASP A2 - https://www.owasp.org/index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management
[4] CWE-640 - https://cwe.mitre.org/data/definitions/640.html

-----

RiskSense, Inc. Security Analysts: Dylan Davis, Sean Dillon, Zachary Harding
