Vulnerabilities > Ellucian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-13 | CVE-2023-49339 | Authorization Bypass Through User-Controlled Key vulnerability in Ellucian Banner Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint. | 6.5 |
| 2023-05-20 | CVE-2023-2822 | Unspecified vulnerability in Ellucian Ethos Identity 5.10.5 A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. | 6.1 |
| 2017-09-11 | CVE-2015-5054 | Open Redirect vulnerability in Ellucian Banner Student Open redirect vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter. | 6.1 |
| 2017-09-11 | CVE-2015-4688 | Information Exposure vulnerability in Ellucian Banner Student Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allow remote attackers to enumerate user accounts via a series of requests. | 5.3 |
| 2017-09-11 | CVE-2015-4687 | Cross-site Scripting vulnerability in Ellucian Banner Student 8.5.1.2 Cross-site scripting (XSS) vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |