Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2017-18262
HistoryApr 30, 2018 - 1:29 p.m.

CVE-2017-18262

2018-04-3013:29:00
CWE-20
CWE-601
[email protected]
web.nvd.nist.gov
5

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

43.3%

JSON

Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI.

Affected configurations

Nvd
Node
blackboardblackboard_learnRange9.1
OR
blackboardblackboard_learnMatch9.1q2_2016
OR
blackboardblackboard_learnMatch9.1q2_2017
OR
blackboardblackboard_learnMatch9.1q4_2015
OR
blackboardblackboard_learnMatch9.1q4_2016
OR
blackboardblackboard_learnMatch9.1q4_2017
VendorProductVersionCPE
blackboardblackboard_learn*cpe:2.3:a:blackboard:blackboard_learn:*:*:*:*:*:*:*:*
blackboardblackboard_learn9.1cpe:2.3:a:blackboard:blackboard_learn:9.1:q2_2016:*:*:*:*:*:*
blackboardblackboard_learn9.1cpe:2.3:a:blackboard:blackboard_learn:9.1:q2_2017:*:*:*:*:*:*
blackboardblackboard_learn9.1cpe:2.3:a:blackboard:blackboard_learn:9.1:q4_2015:*:*:*:*:*:*
blackboardblackboard_learn9.1cpe:2.3:a:blackboard:blackboard_learn:9.1:q4_2016:*:*:*:*:*:*
blackboardblackboard_learn9.1cpe:2.3:a:blackboard:blackboard_learn:9.1:q4_2017:*:*:*:*:*:*

Related

packetstorm 1
cvelist 1
cve 1
prion 1
packetstorm
packetstorm
Blackboard Learn Open Redirect
2018-04-27 00:00:00
cvelist
cvelist
CVE-2017-18262
2018-04-30 13:00:00
cve
cve
CVE-2017-18262
2018-04-30 13:29:00
prion
prion
Code injection
2018-04-30 13:29:00

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

43.3%

JSON
Related for NVD:CVE-2017-18262
packetstorm1cvelist1cve1prion1