Vulnerabilities > Ellucian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-13 | CVE-2023-49339 | Authorization Bypass Through User-Controlled Key vulnerability in Ellucian Banner Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint. | 6.5 |
| 2023-05-20 | CVE-2023-2822 | Cross-site Scripting vulnerability in Ellucian Ethos Identity 5.10.5 A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. | 6.1 |
| 2019-05-14 | CVE-2019-8978 | Race Condition vulnerability in Ellucian products An improper authentication vulnerability can be exploited through a race condition that occurs in Ellucian Banner Web Tailor 8.8.3, 8.8.4, and 8.9 and Banner Enterprise Identity Services 8.3, 8.3.1, 8.3.2, and 8.4, in conjunction with SSO Manager. | 6.8 |
| 2017-09-11 | CVE-2015-5054 | Open Redirect vulnerability in Ellucian Banner Student Open redirect vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter. | 5.8 |
| 2017-09-11 | CVE-2015-4689 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Ellucian Banner Student Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset arbitrary passwords via unspecified vectors, aka "Weak Password Reset." | 5.0 |
| 2017-09-11 | CVE-2015-4688 | Information Exposure vulnerability in Ellucian Banner Student Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allow remote attackers to enumerate user accounts via a series of requests. | 5.0 |
| 2017-09-11 | CVE-2015-4687 | Cross-site Scripting vulnerability in Ellucian Banner Student 8.5.1.2 Cross-site scripting (XSS) vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |