Weak Password Reset in Ellucian Banner Student by Ellucian
CVE-2015-4689

9.8CRITICAL

Key Information:

Vendor: Ellucian
Status: Banner Student
Vendor: CVE Published:; 11 September 2017

What is CVE-2015-4689?

The vulnerability in Ellucian Banner Student versions 8.5.1.2 to 8.7 enables remote attackers to exploit a weakness in the password reset functionality. This flaw allows unauthorized users to reset arbitrary passwords without proper verification, potentially compromising user accounts and sensitive data. Organizations using affected versions are encouraged to evaluate their security measures and apply necessary patches to mitigate risks associated with this vulnerability.

References

http://packetstormsecurity.com/files/134622/Banner-Studen...

x_refsource_MISC

http://www.securityfocus.com/archive/1/537029/100/0/threaded

mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2017
Vulnerability Reserved
Jun 19, 2015

CVE-2015-4689 Data

JSON