CVE-2006-0511

Опубликовано: 01 фев. 2006

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Blackboard Academic Suite 6.0 and earlier does not properly clear session information when de-authenticating a user who is idle, which allows subsequent users to log in as the previous user and gain privileges. NOTE: the vendor has disputed this issue, saying that "This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:blackboard:blackboard:5.0:*:*:*:*:*:*:*

cpe:2.3:a:blackboard:blackboard:5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:blackboard:blackboard:5.5:*:*:*:*:*:*:*

cpe:2.3:a:blackboard:blackboard:5.5.1:*:*:*:*:*:*:*

cpe:2.3:a:blackboard:blackboard:6.0:*:*:*:*:*:*:*

cpe:2.3:a:blackboard:blackboard_academic_suite:6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 40%

0.00178

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-xwp8-fr9p-xj9v

github

больше 3 лет назад

** DISPUTED ** Blackboard Academic Suite 6.0 and earlier does not properly clear session information when de-authenticating a user who is idle, which allows subsequent users to log in as the previous user and gain privileges. NOTE: the vendor has disputed this issue, saying that "This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product."