CVE-2023-49339 Information

Description

Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint.

Reference

https://www.ellucian.com/solutions/ellucian-banner https://github.com/3zizme/CVE-2023-49339/