nvd-json-data-feeds/CVE-2008/CVE-2008-34xx/CVE-2008-3421.json

{
  "id": "CVE-2008-3421",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2008-07-31T17:41:00.000",
  "lastModified": "2017-08-08T01:31:52.327",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) update_module.jsp, (2) enroll_course.pl, and (3) unenroll.jsp."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de tipo cross-site request forgery (CSRF) en Blackboard Academic Suite versi\u00f3n 8.0.260.7, permiten a los atacantes remotos secuestrar la autenticaci\u00f3n de los usuarios alumnos para las peticiones que cambian la configuraci\u00f3n e inscripciones mediante entradas no especificadas en los archivos (1) update_module.jsp, (2) enroll_course.pl y (3) unenroll.jsp."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.3
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:blackboard:blackboard_academic_suite:8.0.260.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "090EBB60-326B-442C-9CAF-3A4E3A058D84"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://ceaseless.ws/bb-csrf/",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.securitytracker.com/id?1020559",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43986",
      "source": "cve@mitre.org"
    }
  ]
}