Lucene search

[email protected]CVE-2005-4338

HistoryDec 19, 2005 - 3:47 a.m.

CVE-2005-4338

2005-12-1903:47:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-4338

announcement.pl

blackboard learning

community portal system

academic suite

remote attackers

administrator privileges

context parameter

7.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

75.8%

JSON

announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to gain administrator privileges by setting the context parameter to “admin”.

CPENameOperatorVersion
blackboard:academic_suiteblackboard academic suiteeq6.2.3.23
blackboard:academic_suiteblackboard academic suiteeq*
blackboard:academic_suiteblackboard academic suiteeq6.3.1.424

CPE	Name	Operator	Version
blackboard:academic_suite	blackboard academic suite	eq	6.2.3.23
blackboard:academic_suite	blackboard academic suite	eq	*
blackboard:academic_suite	blackboard academic suite	eq	6.3.1.424

References

www.ipomonis.com/advisories/Bb_6.zip

www.osvdb.org/21617

7.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

75.8%

JSON