Banner Student XSS / Information Disclosure / Open Redirect

2015.12.04
Credit: RiskSense
Risk: Low
Local: No
Remote: Yes
CVE: N/A

Previous CVEs for Banner Student were filed under the vendor name SunGard. All four vulnerabilities below are fixed by patch pcr-000134142_bws8070102, which is included in the latest version of the product (8.7.1.2) as of November 26, 2015.

-----

Product: Banner Student
Vendor: Ellucian Company L.P.
Vulnerable Version: 8.5.1.2 - 8.7
Tested Version: 8.7
Vendor Notification: June 18, 2015
Public Disclosure: December 2, 2015
Vulnerability Type: URL Redirection to Untrusted Site ('Open Redirect') [CWE-601]
CVE Reference: CVE-2015-5054
Risk Level: Medium
CVSSv2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSSv3 Base Score: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Mitigation: No workaround; upgrade to 8.7.1.2
Discovered and Provided: RiskSense, Inc.

Advisory Details:

Open Redirect in Ellucian Banner Student: CVE-2015-5054
A user who follows a link built from a crafted URL is redirected to an attacker-controlled page. The redirect originates from the trusted application host, so the link survives the usual "check the domain" scrutiny and is a natural carrier for phishing or malware delivery.

References:
[1] Ellucian Company L.P. - http://www.ellucian.com/
[2] Banner Student - http://www.ellucian.com/Software/Banner-Student/
[3] OWASP A10 - https://www.owasp.org/index.php/Top_10_2013-A10-Unvalidated_Redirects_and_Forwards
[4] CWE-601 - https://cwe.mitre.org/data/definitions/601.html

-----

Product: Banner Student
Vendor: Ellucian Company L.P.
Vulnerable Version: 8.5.1.2
Tested Version: 8.5.1.2
Vendor Notification: June 18, 2015
Public Disclosure: December 2, 2015
Vulnerability Type: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') [CWE-79]
CVE Reference: CVE-2015-4687
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSSv3 Base Score: 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Mitigation: No workaround; upgrade to 8.7.1.2
Discovered and Provided: RiskSense, Inc.

Advisory Details:

Reflected Cross-Site Scripting (XSS) in Ellucian Banner Student: CVE-2015-4687
Request parameters are reflected into the generated page without output encoding, so an attacker who gets a victim to open a malicious URL can execute arbitrary JavaScript in the victim's session on the application origin.

References:
[1] Ellucian Company L.P. - http://www.ellucian.com/
[2] Banner Student - http://www.ellucian.com/Software/Banner-Student/
[3] OWASP A3 - https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)
[4] CWE-79 - https://cwe.mitre.org/data/definitions/79.html

-----

Product: Banner Student
Vendor: Ellucian Company L.P.
Vulnerable Version: 8.5.1.2 - 8.7
Tested Version: 8.7
Vendor Notification: June 18, 2015
Public Disclosure: December 2, 2015
Vulnerability Type: Information Exposure Through Discrepancy [CWE-203]
CVE Reference: CVE-2015-4688
Risk Level: Medium
CVSSv2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSSv3 Base Score: 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Mitigation: No workaround; upgrade to 8.7.1.2
Discovered and Provided: RiskSense, Inc.

Advisory Details:

User Enumeration in Ellucian Banner Student: CVE-2015-4688
The server responds differently depending on whether a submitted username exists, so an unauthenticated attacker can enumerate valid accounts and then target them with password guessing.

References:
[1] Ellucian Company L.P. - http://www.ellucian.com/
[2] Banner Student - http://www.ellucian.com/Software/Banner-Student/
[3] OWASP A2 - https://www.owasp.org/index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management
[4] CWE-203 - https://cwe.mitre.org/data/definitions/203.html

-----

Product: Banner Student
Vendor: Ellucian Company L.P.
Vulnerable Version: 8.5.1.2 - 8.7
Tested Version: 8.7
Vendor Notification: June 18, 2015
Public Disclosure: December 2, 2015
Vulnerability Type: Weak Password Recovery Mechanism for Forgotten Password [CWE-640]
CVE Reference: CVE-2015-4689
Risk Level: Medium - High
CVSSv2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSSv3 Base Score: 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)
Mitigation: No workaround; upgrade to 8.7.1.2
Discovered and Provided: RiskSense, Inc.

Advisory Details:

Weak Password Reset in Ellucian Banner Student: CVE-2015-4689
The password reset mechanism is weak enough that an unauthenticated attacker can change other users' login credentials, taking over their accounts. Combined with the user enumeration above, this gives an attacker a list of valid targets and a way to take each one over.

References:
[1] Ellucian Company L.P. - http://www.ellucian.com/
[2] Banner Student - http://www.ellucian.com/Software/Banner-Student/
[3] OWASP A2 - https://www.owasp.org/index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management
[4] CWE-640 - https://cwe.mitre.org/data/definitions/640.html

-----

RiskSense, Inc. Security Analysts: Dylan Davis, Sean Dillon, Zachary Harding
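The advisory does not name the parameter or endpoint behind the open redirect (CVE-2015-5054), so the following is an added example of the CWE-601 pattern in generic form, written for this page; it is not Ellucian's code and not RiskSense's proof of concept. The application origin `banner.example.edu`, the parameter name `return_url` and the sample paths are assumptions. It shows the unsafe "echo the parameter into Location" pattern beside a validator that only ever emits a same-origin relative path, and it covers the bypasses a tester would try first: scheme-relative `//host`, backslash variants, `javascript:` and lookalike hosts.

```python
"""Added example (not from the advisory or the vendor): CWE-601 open redirect,
vulnerable pattern and hardened validator. Hostnames, parameter name and paths
are assumptions constructed for illustration."""
from urllib.parse import urljoin, urlsplit

APP_ORIGIN = "https://banner.example.edu"  # assumed application origin (hypothetical)


def unsafe_redirect_target(return_url: str) -> str:
    """Vulnerable pattern: whatever arrives in the parameter becomes the
    Location header, so ?return_url=https://evil.example.net/ redirects there."""
    return return_url


def safe_redirect_target(return_url: str, fallback: str = "/") -> str:
    """Hardened version: resolve the parameter against the app origin, require
    the result to stay on that origin, and return only a relative path so the
    Location header can never name another host."""
    if not return_url:
        return fallback
    # CR/LF would allow header injection; browsers treat backslashes like
    # forward slashes, so "/\evil" behaves like "//evil". Reject both outright.
    if any(c in return_url for c in "\r\n\\") or any(ord(c) < 0x20 for c in return_url):
        return fallback
    resolved = urljoin(APP_ORIGIN + "/", return_url)   # "//evil" -> "https://evil/..."
    parts = urlsplit(resolved)
    origin = urlsplit(APP_ORIGIN)
    # Exact scheme and host match: defeats "banner.example.edu.evil.example.net",
    # "banner.example.edu@evil.example.net" and non-http schemes such as javascript:.
    if parts.scheme != origin.scheme or parts.netloc != origin.netloc:
        return fallback
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    return path


if __name__ == "__main__":
    # Constructed probe list: the first entry is legitimate, the rest are bypass attempts.
    for probe in ("/student/home", "//evil.example.net/", "/\\evil.example.net",
                  "javascript:alert(1)", "https://banner.example.edu@evil.example.net/"):
        print(f"{probe!r:48} unsafe -> {unsafe_redirect_target(probe)!r:48} "
              f"safe -> {safe_redirect_target(probe)!r}")
```

The validator deliberately rebuilds the path rather than returning the caller's string once it has been approved, so normalisation tricks that fool a substring check (`https:evil.example.net`, triple slashes, mixed case) cannot reach the client in their original form. An allowlist of permitted paths is stricter still and is the right choice when the set of post-login landing pages is small.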
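For the user enumeration finding (CVE-2015-4688, CWE-203) the advisory says only that "differences between server responses" reveal valid accounts. The block below is an added example, not the advisory's or the vendor's code, showing how a tester confirms such a discrepancy from observables alone (status code, body length, body content with the echoed username blanked out) and what a uniform login handler looks like on the server side. The usernames, messages and the toy credential store are constructed for the example; a real implementation would use a slow password hash, not SHA-256.

```python
"""Added example (not from the advisory or the vendor): detecting CWE-203
response discrepancy on a login endpoint, and a uniform handler that removes it.
All usernames, messages and the credential store are constructed."""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Response:
    username: str   # the username that was submitted for this response
    status: int
    body: str


def fingerprint(resp: Response) -> tuple:
    """Observables an attacker can compare without knowing the application:
    status code, body length bucket (16-byte granularity) and a digest of the
    body with the echoed username blanked so only the template is compared."""
    body = resp.body.replace(resp.username, "<user>")
    digest = hashlib.sha256(body.encode()).hexdigest()[:12]
    return (resp.status, len(body) // 16, digest)


def find_discrepancies(responses):
    """Group submitted usernames by response fingerprint. More than one group
    for the same wrong password means the endpoint leaks account existence."""
    groups = {}
    for r in responses:
        groups.setdefault(fingerprint(r), []).append(r.username)
    return groups


# Constructed sample of a leaky endpoint: two random usernames and one that exists,
# all submitted with a wrong password.
LEAKY = [
    Response("nosuchuser1", 200, "Login failed: user nosuchuser1 not found."),
    Response("nosuchuser2", 200, "Login failed: user nosuchuser2 not found."),
    Response("jdoe", 200, "Login failed: incorrect password for jdoe."),
]

# Toy credential store for the hardened handler (constructed; SHA-256 is used
# only to keep the example short, a real store uses bcrypt/scrypt/argon2).
USERS = {"jdoe": hashlib.sha256(b"correct horse").hexdigest()}
DUMMY_HASH = hashlib.sha256(b"dummy").hexdigest()


def uniform_login(username: str, password: str) -> Response:
    """Hardened handler: one failure message regardless of why login failed, and
    a hash comparison performed even for unknown users so timing is uniform too."""
    stored = USERS.get(username, DUMMY_HASH)
    supplied = hashlib.sha256(password.encode()).hexdigest()
    # Bitwise & rather than `and`: both operands are evaluated every time.
    ok = hmac.compare_digest(stored, supplied) & (username in USERS)
    if ok:
        return Response(username, 302, "")
    return Response(username, 200, "Login failed: invalid username or password.")


if __name__ == "__main__":
    print("leaky endpoint groups:   ", find_discrepancies(LEAKY))
    hardened = [uniform_login(u, "wrong") for u in ("nosuchuser1", "nosuchuser2", "jdoe")]
    print("hardened endpoint groups:", find_discrepancies(hardened))
```

Against a live target the same comparison is run over responses collected with identical wrong passwords, and response time is added as a fourth observable; a lockout counter that only increments for existing accounts is a discrepancy of the same class and should be checked the same way.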


Copyright 2024, cxsecurity.com
