Vulnerabilities > Ellucian

DATE CVE VULNERABILITY TITLE RISK
2024-02-13 CVE-2023-49339 Authorization Bypass Through User-Controlled Key vulnerability in Ellucian Banner
Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint.
network
low complexity
ellucian CWE-639
6.5
2023-05-20 CVE-2023-2822 Unspecified vulnerability in Ellucian Ethos Identity 5.10.5
A vulnerability was found in Ellucian Ethos Identity up to 5.10.5.
network
low complexity
ellucian
6.1
2019-05-14 CVE-2019-8978 Race Condition vulnerability in Ellucian products
An improper authentication vulnerability can be exploited through a race condition that occurs in Ellucian Banner Web Tailor 8.8.3, 8.8.4, and 8.9 and Banner Enterprise Identity Services 8.3, 8.3.1, 8.3.2, and 8.4, in conjunction with SSO Manager.
network
high complexity
ellucian CWE-362
8.1
2017-09-11 CVE-2015-5054 Open Redirect vulnerability in Ellucian Banner Student
Open redirect vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter.
network
low complexity
ellucian CWE-601
6.1
2017-09-11 CVE-2015-4689 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Ellucian Banner Student
Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset arbitrary passwords via unspecified vectors, aka "Weak Password Reset."
network
low complexity
ellucian CWE-640
critical
9.8
2017-09-11 CVE-2015-4688 Information Exposure vulnerability in Ellucian Banner Student
Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allow remote attackers to enumerate user accounts via a series of requests.
network
low complexity
ellucian CWE-200
5.3
2017-09-11 CVE-2015-4687 Cross-site Scripting vulnerability in Ellucian Banner Student 8.5.1.2
Cross-site scripting (XSS) vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ellucian CWE-79
6.1