CVE-2019-8978

{"id": "CVE-2019-8978", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2019-05-14T19:29:00.450", "references": [{"url": "http://packetstormsecurity.com/files/152856/Ellucian-Banner-Web-Tailor-Banner-Enterprise-Identity-Services-Improper-Authentication.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2019/May/18", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://ecommunities.ellucian.com/message/252749#252749", "tags": ["Permissions Required"], "source": "cve@mitre.org"}, {"url": "https://ecommunities.ellucian.com/message/252810#252810", "tags": ["Permissions Required"], "source": "cve@mitre.org"}, {"url": "https://raw.githubusercontent.com/JoshuaMulliken/CVE-2019-8978/master/README.txt", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://seclists.org/bugtraq/2019/May/31", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}, {"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "An improper authentication vulnerability can be exploited through a race condition that occurs in Ellucian Banner Web Tailor 8.8.3, 8.8.4, and 8.9 and Banner Enterprise Identity Services 8.3, 8.3.1, 8.3.2, and 8.4, in conjunction with SSO Manager. This vulnerability allows remote attackers to steal a victim's session (and cause a denial of service) by repeatedly requesting the initial Banner Web Tailor main page with the IDMSESSID cookie set to the victim's UDCID, which in the case tested is the institutional ID. During a login attempt by a victim, the attacker can leverage the race condition and will be issued the SESSID that was meant for this victim."}, {"lang": "es", "value": "Una Vulnerabilidad de identificaci\u00f3n incorrecta, puede ser aprovechada a trav\u00e9s de una condici\u00f3n de carrera que ocurre en Ellucian Banner Web Tailor 8.8.3, 8.8.4, y 8.9 y Banner Enterprise Identity Services 8.3, 8.3.1, 8.3.2, and 8.4, en conjunci\u00f3n con SSO Manager. Esta vulnerabilidad permite a los atacantes remotos robar sesiones de las victimas ( y causar denegaci\u00f3n de servicio) Solicitando repetidamente la p\u00e1gina inicial Banner Web Tailor con la cookie IDMESSID, configurada para el UDCID de la v\u00edctima, la cual en este caso es comprobada en la identificaci\u00f3n institucional. Durante el intento de inicio por la v\u00edctima, el atacante puede aprovechar esta condici\u00f3n de carrera y se le emitir\u00e1 el SESSID que fue destinada para esta v\u00edctima."}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ellucian:banner_enterprise_identity_services:8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D878177-0D5F-4757-86D0-16447A7243BE"}, {"criteria": "cpe:2.3:a:ellucian:banner_enterprise_identity_services:8.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4353611E-DF11-4B8F-961D-9FC75F2F3E3F"}, {"criteria": "cpe:2.3:a:ellucian:banner_enterprise_identity_services:8.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2C00342-A1CA-4B43-9553-8048E3B82EF8"}, {"criteria": "cpe:2.3:a:ellucian:banner_enterprise_identity_services:8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8135459E-0B7B-4D2A-8187-499841A87E23"}, {"criteria": "cpe:2.3:a:ellucian:banner_web_tailor:8.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "924663A8-59E5-43B6-B41A-CD9D3CB503D4"}, {"criteria": "cpe:2.3:a:ellucian:banner_web_tailor:8.8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD7F92CB-0027-459A-8E1A-F211D560F091"}, {"criteria": "cpe:2.3:a:ellucian:banner_web_tailor:8.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B74CEB93-F7CA-4928-974D-9782EFC366FB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}