Vulnerability Details : CVE-2023-1632
** DISPUTED ** A vulnerability has been found in Ellucian Banner Web Tailor 8.6 and classified as critical. This vulnerability affects unknown code of the file /PROD_ar/twbkwbis.P_FirstMenu of the component Login Page. The manipulation of the argument PIDM/WEBID leads to improper authorization. The attack can be initiated remotely. After submitting proper login credentials it becomes possible to generate new valid session identifiers on the OTP page. The real existence of this vulnerability is still doubted at the moment. VDB-224014 is the identifier assigned to this vulnerability.
Vulnerability category: Bypass, Gain privilege
Exploit prediction scoring system (EPSS) score for CVE-2023-1632
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 17 %
CVSS scores for CVE-2023-1632
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | [email protected] |
6.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | 2.8 | 3.4 | [email protected] |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | [email protected] |
CWE ids for CVE-2023-1632
- The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. Assigned by: [email protected] (Secondary)
- The product does not perform an authorization check when an actor attempts to access a resource or perform an action. Assigned by: [email protected] (Primary)
References for CVE-2023-1632
- https://vuldb.com/?id.224014 (Permissions Required; Third Party Advisory)
- https://vuldb.com/?ctiid.224014 (Permissions Required; Third Party Advisory)
Products affected by CVE-2023-1632
- cpe:2.3:a:ellucian:banner_web_tailor:8.6:*:*:*:*:*:*:*