6.1
CVE-2017-18262
- EPSS 1.47%
- Veröffentlicht 30.04.2018 13:29:00
- Zuletzt bearbeitet 21.11.2024 03:19:42
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginBlackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Blackboard ≫ Blackboard Learn Version <= 9.1
Blackboard ≫ Blackboard Learn Version9.1 Updateq2_2016
Blackboard ≫ Blackboard Learn Version9.1 Updateq2_2017
Blackboard ≫ Blackboard Learn Version9.1 Updateq4_2015
Blackboard ≫ Blackboard Learn Version9.1 Updateq4_2016
Blackboard ≫ Blackboard Learn Version9.1 Updateq4_2017
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.47% | 0.703 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
http://seclists.org/fulldisclosure/2018/Apr/57
http://www.securitytracker.com/id/1040767
https://ethan.pm/blackboard.txt