CVE-2000-0627

BlackBoard CourseInfo 4.0 does not properly authenticate users, which allows local users to modify CourseInfo database information and gain privileges by directly calling the supporting CGI programs such as user_update_passwd.pl and user_update_admin.pl.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/1486	Exploit Patch Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2000-07/0254.html	Vendor Advisory
http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000719151904.I17986@securityfocus.com
https://exchange.xforce.ibmcloud.com/vulnerabilities/4946

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:blackboard:courseinfo:4.0:::::::*
	cpe:2.3:a:blackboard:courseinfo:unix:::::::*

Information

Published : 2000-07-17 21:00

Updated : 2017-10-09 18:29

NVD link : CVE-2000-0627

Mitre link : CVE-2000-0627

JSON object : View

CWE

NVD-CWE-Other

Products Affected

blackboard

courseinfo

7.5 /10