SB2018043004 - Open redirect in Blackboard
Published: April 30, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Open redirect (CVE-ID: CVE-2017-18262)
CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to obtain potentially sensitive information and write arbitrary files on the target system.
The weakness exists due to improper authentication. A remote attacker can create a URL that, when loaded by the target authenticated user, will redirect the target user's browser to an arbitrary site.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.