BroadLearning eClass up to ip.2.5.10.2.0 URL download_attachment.php weak authentication

A vulnerability, which was classified as problematic, has been found in BroadLearning eClass up to ip.2.5.10.2.0. Affected by this issue is an unknown code of the file download_attachment.php of the component URL Handler. The manipulation with an unknown input leads to a weak authentication vulnerability. Using CWE to declare the problem leads to CWE-287. Impacted is confidentiality.

The weakness was disclosed 07/11/2019 as confirmed advisory (CERT.org). The advisory is shared for download at surl.twcert.org.tw. This vulnerability is handled as CVE-2019-9886 since 03/19/2019. No form of authentication is required for exploitation. There are known technical details, but no exploit is available.

Upgrading to version ip.2.5.10.2.1 eliminates this vulnerability.

Vendor

• BroadLearning

Name

• eClass

• 🔒

• 🔒

VulDB Meta Base Score: 4.3
VulDB Meta Temp Score: 4.1

VulDB Base Score: 4.3
VulDB Temp Score: 4.1
VulDB Vector: 🔒
VulDB Reliability: 🔍

VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Class: Weak authentication (CWE-287)
Local: Yes
Remote: No

Availability: 🔒
Status: Not defined

Price Prediction: 🔍
Current Price Estimation: 🔒

Threat Intelligenceinfoedit

Threat: 🔍
Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Remediation: 🔍Recommended: Upgrade
Status: 🔍

0-Day Time: 🔒

Upgrade: eClass ip.2.5.10.2.1

03/19/2019 CVE assigned
07/11/2019 +114 days Advisory disclosed
07/12/2019 +1 days VulDB entry created
07/12/2019 +0 days VulDB last updateAdvisory: surl.twcert.org.tw
Status: Confirmed

CVE: CVE-2019-9886 (🔒)

Created: 07/12/2019 09:44 AM
Complete: 🔍

Comments

Comments are closed.