exploitDog

CVE-2008-3421

Опубликовано: 31 июл. 2008

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) update_module.jsp, (2) enroll_course.pl, and (3) unenroll.jsp.

Ссылки

http://ceaseless.ws/bb-csrf/
URL Repurposed
http://secunia.com/advisories/31177
Vendor Advisory
http://www.securitytracker.com/id?1020559
https://exchange.xforce.ibmcloud.com/vulnerabilities/43986
http://ceaseless.ws/bb-csrf/
URL Repurposed
http://secunia.com/advisories/31177
Vendor Advisory
http://www.securitytracker.com/id?1020559
https://exchange.xforce.ibmcloud.com/vulnerabilities/43986

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:blackboard:blackboard_academic_suite:8.0.260.7:*:*:*:*:*:*:*

EPSS

Процентиль: 26%

0.00089

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-r2q3-fwwf-666h

github

почти 4 года назад

Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) update_module.jsp, (2) enroll_course.pl, and (3) unenroll.jsp.

EPSS

Процентиль: 26%

0.00089

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-352