Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-8978

EPSS 11.77% · P94
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-8978

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An improper authentication vulnerability can be exploited through a race condition that occurs in Ellucian Banner Web Tailor 8.8.3, 8.8.4, and 8.9 and Banner Enterprise Identity Services 8.3, 8.3.1, 8.3.2, and 8.4, in conjunction with SSO Manager. This vulnerability allows remote attackers to steal a victim's session (and cause a denial of service) by repeatedly requesting the initial Banner Web Tailor main page with the IDMSESSID cookie set to the victim's UDCID, which in the case tested is the institutional ID. During a login attempt by a victim, the attacker can leverage the race condition and will be issued the SESSID that was meant for this victim.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Ellucian Banner Web Tailor和Banner Enterprise Identity Services 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Ellucian Banner Web Tailor和Banner Enterprise Identity Services中存在竞争条件问题漏洞。该漏洞源于网络系统或产品在运行过程中,并发代码需要互斥地访问共享资源时,对于并发访问的处理不当。以下产品及版本受到影响:Ellucian Banner Web Tailor 8.8.3、8.8.4和8.9版本;Banner Enterprise Identity Services 8.3、8.3.1、8.3.2和8.4版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2019-8978

#POC DescriptionSource LinkShenlong Link
1Banner Web Tailor and Banner Enterprise Identity Services Vulnerability Disclosurehttps://github.com/SecKatie/CVE-2019-8978POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2019-8978

登录查看更多情报信息。

Same Patch Batch · n/a · 2019-05-14 · 25 CVEs total

CVE-2019-8923XAMPP SQL注入漏洞
CVE-2019-12087Samsung S9+、S10和XCover 4 资源管理错误漏洞
CVE-2019-11336Sony Smart Tvs 日志信息泄露漏洞
CVE-2018-18800Tubigan Welcome to our Resort SQL注入漏洞
CVE-2019-6512WSO2 API Manager 代码问题漏洞
CVE-2019-6514WSO2 Dashboard Server 跨站脚本漏洞
CVE-2019-6515WSO2 API Manager 访问控制错误漏洞
CVE-2019-6516WSO2 Dashboard Server 代码问题漏洞
CVE-2019-8390qdPM 跨站脚本漏洞
CVE-2019-8391qdPM 跨站脚本漏洞
CVE-2018-11691Emerson Electric VE6046 信任管理问题漏洞
CVE-2019-8404Webiness Inventory 代码问题漏洞
CVE-2019-12099PHP-Fusion 代码问题漏洞
CVE-2019-9861ABUS Secvest FUAA50000 加密问题漏洞
CVE-2019-11846dotCMS 跨站脚本漏洞
CVE-2019-11845RICOH SP 4510DN 跨站脚本漏洞
CVE-2019-11844RICOH SP 4520DN 跨站脚本漏洞
CVE-2019-11419Tencent WeChat for Android 代码问题漏洞
CVE-2018-8940Enghouse Systems Cloud Contact Center Platform 代码问题漏洞
CVE-2018-6885MicroStrategy Web Services 路径遍历漏洞

Showing top 20 of 25 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2019-8978

No comments yet

Leave a comment