CVE-2019-8978 (GCVE-0-2019-8978)

Vulnerability from cvelistv5 – Published: 2019-05-14 18:37 – Updated: 2024-08-04 21:31
VLAI?
Summary
An improper authentication vulnerability can be exploited through a race condition that occurs in Ellucian Banner Web Tailor 8.8.3, 8.8.4, and 8.9 and Banner Enterprise Identity Services 8.3, 8.3.1, 8.3.2, and 8.4, in conjunction with SSO Manager. This vulnerability allows remote attackers to steal a victim's session (and cause a denial of service) by repeatedly requesting the initial Banner Web Tailor main page with the IDMSESSID cookie set to the victim's UDCID, which in the case tested is the institutional ID. During a login attempt by a victim, the attacker can leverage the race condition and will be issued the SESSID that was meant for this victim.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:31:37.473Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190513 [CVE-2019-8978] Improper Authentication (CWE-287) in Ellucian Banner Web Tailor and Banner Enterprise Identity Services",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/May/18"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/152856/Ellucian-Banner-Web-Tailor-Banner-Enterprise-Identity-Services-Improper-Authentication.html"
          },
          {
            "name": "20190514 [CVE-2019-8978] Improper Authentication (CWE-287) in Ellucian Banner Web Tailor and Banner Enterprise Identity Services",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/May/31"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://raw.githubusercontent.com/JoshuaMulliken/CVE-2019-8978/master/README.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ecommunities.ellucian.com/message/252749#252749"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ecommunities.ellucian.com/message/252810#252810"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-05-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper authentication vulnerability can be exploited through a race condition that occurs in Ellucian Banner Web Tailor 8.8.3, 8.8.4, and 8.9 and Banner Enterprise Identity Services 8.3, 8.3.1, 8.3.2, and 8.4, in conjunction with SSO Manager. This vulnerability allows remote attackers to steal a victim\u0027s session (and cause a denial of service) by repeatedly requesting the initial Banner Web Tailor main page with the IDMSESSID cookie set to the victim\u0027s UDCID, which in the case tested is the institutional ID. During a login attempt by a victim, the attacker can leverage the race condition and will be issued the SESSID that was meant for this victim."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-14T18:41:58",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20190513 [CVE-2019-8978] Improper Authentication (CWE-287) in Ellucian Banner Web Tailor and Banner Enterprise Identity Services",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/May/18"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/152856/Ellucian-Banner-Web-Tailor-Banner-Enterprise-Identity-Services-Improper-Authentication.html"
        },
        {
          "name": "20190514 [CVE-2019-8978] Improper Authentication (CWE-287) in Ellucian Banner Web Tailor and Banner Enterprise Identity Services",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/May/31"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://raw.githubusercontent.com/JoshuaMulliken/CVE-2019-8978/master/README.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ecommunities.ellucian.com/message/252749#252749"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ecommunities.ellucian.com/message/252810#252810"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-8978",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper authentication vulnerability can be exploited through a race condition that occurs in Ellucian Banner Web Tailor 8.8.3, 8.8.4, and 8.9 and Banner Enterprise Identity Services 8.3, 8.3.1, 8.3.2, and 8.4, in conjunction with SSO Manager. This vulnerability allows remote attackers to steal a victim\u0027s session (and cause a denial of service) by repeatedly requesting the initial Banner Web Tailor main page with the IDMSESSID cookie set to the victim\u0027s UDCID, which in the case tested is the institutional ID. During a login attempt by a victim, the attacker can leverage the race condition and will be issued the SESSID that was meant for this victim."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190513 [CVE-2019-8978] Improper Authentication (CWE-287) in Ellucian Banner Web Tailor and Banner Enterprise Identity Services",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/May/18"
            },
            {
              "name": "http://packetstormsecurity.com/files/152856/Ellucian-Banner-Web-Tailor-Banner-Enterprise-Identity-Services-Improper-Authentication.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/152856/Ellucian-Banner-Web-Tailor-Banner-Enterprise-Identity-Services-Improper-Authentication.html"
            },
            {
              "name": "20190514 [CVE-2019-8978] Improper Authentication (CWE-287) in Ellucian Banner Web Tailor and Banner Enterprise Identity Services",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/May/31"
            },
            {
              "name": "https://raw.githubusercontent.com/JoshuaMulliken/CVE-2019-8978/master/README.txt",
              "refsource": "MISC",
              "url": "https://raw.githubusercontent.com/JoshuaMulliken/CVE-2019-8978/master/README.txt"
            },
            {
              "name": "https://ecommunities.ellucian.com/message/252749#252749",
              "refsource": "MISC",
              "url": "https://ecommunities.ellucian.com/message/252749#252749"
            },
            {
              "name": "https://ecommunities.ellucian.com/message/252810#252810",
              "refsource": "MISC",
              "url": "https://ecommunities.ellucian.com/message/252810#252810"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-8978",
    "datePublished": "2019-05-14T18:37:43",
    "dateReserved": "2019-02-20T00:00:00",
    "dateUpdated": "2024-08-04T21:31:37.473Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ellucian:banner_enterprise_identity_services:8.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D878177-0D5F-4757-86D0-16447A7243BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ellucian:banner_enterprise_identity_services:8.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4353611E-DF11-4B8F-961D-9FC75F2F3E3F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ellucian:banner_enterprise_identity_services:8.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2C00342-A1CA-4B43-9553-8048E3B82EF8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ellucian:banner_enterprise_identity_services:8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8135459E-0B7B-4D2A-8187-499841A87E23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ellucian:banner_web_tailor:8.8.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"924663A8-59E5-43B6-B41A-CD9D3CB503D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ellucian:banner_web_tailor:8.8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD7F92CB-0027-459A-8E1A-F211D560F091\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ellucian:banner_web_tailor:8.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B74CEB93-F7CA-4928-974D-9782EFC366FB\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An improper authentication vulnerability can be exploited through a race condition that occurs in Ellucian Banner Web Tailor 8.8.3, 8.8.4, and 8.9 and Banner Enterprise Identity Services 8.3, 8.3.1, 8.3.2, and 8.4, in conjunction with SSO Manager. This vulnerability allows remote attackers to steal a victim\u0027s session (and cause a denial of service) by repeatedly requesting the initial Banner Web Tailor main page with the IDMSESSID cookie set to the victim\u0027s UDCID, which in the case tested is the institutional ID. During a login attempt by a victim, the attacker can leverage the race condition and will be issued the SESSID that was meant for this victim.\"}, {\"lang\": \"es\", \"value\": \"Una Vulnerabilidad de identificaci\\u00f3n incorrecta, puede ser aprovechada a trav\\u00e9s de una  condici\\u00f3n de carrera  que ocurre en Ellucian Banner Web Tailor 8.8.3, 8.8.4, y 8.9 y Banner Enterprise Identity Services 8.3, 8.3.1, 8.3.2, and 8.4, en conjunci\\u00f3n  con  SSO Manager. Esta vulnerabilidad permite a los atacantes remotos robar sesiones de las victimas  ( y causar denegaci\\u00f3n de servicio) Solicitando repetidamente la p\\u00e1gina inicial Banner Web Tailor con la cookie IDMESSID, configurada para el UDCID de la v\\u00edctima, la cual en este caso es comprobada en la identificaci\\u00f3n institucional. Durante el intento de inicio por la v\\u00edctima, el atacante puede aprovechar esta condici\\u00f3n  de carrera y se le emitir\\u00e1 el SESSID que fue destinada para esta v\\u00edctima.\"}]",
      "id": "CVE-2019-8978",
      "lastModified": "2024-11-21T04:50:44.680",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-05-14T19:29:00.450",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/152856/Ellucian-Banner-Web-Tailor-Banner-Enterprise-Identity-Services-Improper-Authentication.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2019/May/18\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://ecommunities.ellucian.com/message/252749#252749\", \"source\": \"cve@mitre.org\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://ecommunities.ellucian.com/message/252810#252810\", \"source\": \"cve@mitre.org\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://raw.githubusercontent.com/JoshuaMulliken/CVE-2019-8978/master/README.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/May/31\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/152856/Ellucian-Banner-Web-Tailor-Banner-Enterprise-Identity-Services-Improper-Authentication.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2019/May/18\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://ecommunities.ellucian.com/message/252749#252749\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://ecommunities.ellucian.com/message/252810#252810\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://raw.githubusercontent.com/JoshuaMulliken/CVE-2019-8978/master/README.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/May/31\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}, {\"lang\": \"en\", \"value\": \"CWE-362\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-8978\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-05-14T19:29:00.450\",\"lastModified\":\"2024-11-21T04:50:44.680\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An improper authentication vulnerability can be exploited through a race condition that occurs in Ellucian Banner Web Tailor 8.8.3, 8.8.4, and 8.9 and Banner Enterprise Identity Services 8.3, 8.3.1, 8.3.2, and 8.4, in conjunction with SSO Manager. This vulnerability allows remote attackers to steal a victim\u0027s session (and cause a denial of service) by repeatedly requesting the initial Banner Web Tailor main page with the IDMSESSID cookie set to the victim\u0027s UDCID, which in the case tested is the institutional ID. During a login attempt by a victim, the attacker can leverage the race condition and will be issued the SESSID that was meant for this victim.\"},{\"lang\":\"es\",\"value\":\"Una Vulnerabilidad de identificaci\u00f3n incorrecta, puede ser aprovechada a trav\u00e9s de una  condici\u00f3n de carrera  que ocurre en Ellucian Banner Web Tailor 8.8.3, 8.8.4, y 8.9 y Banner Enterprise Identity Services 8.3, 8.3.1, 8.3.2, and 8.4, en conjunci\u00f3n  con  SSO Manager. Esta vulnerabilidad permite a los atacantes remotos robar sesiones de las victimas  ( y causar denegaci\u00f3n de servicio) Solicitando repetidamente la p\u00e1gina inicial Banner Web Tailor con la cookie IDMESSID, configurada para el UDCID de la v\u00edctima, la cual en este caso es comprobada en la identificaci\u00f3n institucional. Durante el intento de inicio por la v\u00edctima, el atacante puede aprovechar esta condici\u00f3n  de carrera y se le emitir\u00e1 el SESSID que fue destinada para esta v\u00edctima.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"},{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ellucian:banner_enterprise_identity_services:8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D878177-0D5F-4757-86D0-16447A7243BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ellucian:banner_enterprise_identity_services:8.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4353611E-DF11-4B8F-961D-9FC75F2F3E3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ellucian:banner_enterprise_identity_services:8.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2C00342-A1CA-4B43-9553-8048E3B82EF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ellucian:banner_enterprise_identity_services:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8135459E-0B7B-4D2A-8187-499841A87E23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ellucian:banner_web_tailor:8.8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"924663A8-59E5-43B6-B41A-CD9D3CB503D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ellucian:banner_web_tailor:8.8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD7F92CB-0027-459A-8E1A-F211D560F091\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ellucian:banner_web_tailor:8.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B74CEB93-F7CA-4928-974D-9782EFC366FB\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/152856/Ellucian-Banner-Web-Tailor-Banner-Enterprise-Identity-Services-Improper-Authentication.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/May/18\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://ecommunities.ellucian.com/message/252749#252749\",\"source\":\"cve@mitre.org\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://ecommunities.ellucian.com/message/252810#252810\",\"source\":\"cve@mitre.org\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://raw.githubusercontent.com/JoshuaMulliken/CVE-2019-8978/master/README.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/May/31\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/152856/Ellucian-Banner-Web-Tailor-Banner-Enterprise-Identity-Services-Improper-Authentication.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/May/18\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://ecommunities.ellucian.com/message/252749#252749\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://ecommunities.ellucian.com/message/252810#252810\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://raw.githubusercontent.com/JoshuaMulliken/CVE-2019-8978/master/README.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://seclists.org/bugtraq/2019/May/31\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.