Abdulaziz Naif Almadhi

**Name of the Vulnerable Software and Affected Versions** Ellucian Banner version 9.17 **Description** The issue allows Insecure Direct Object Reference (IDOR) via a modified `bannerId` to the "/StudentSelfService/ssb/studentCard/retrieveData" endpoint. This means an attacker could potentially access sensitive information by manipulating the `bannerId` parameter in the request to the specified endpoint. **Recommendations** For Ellucian Banner version 9.17, consider restricting access to the "/StudentSelfService/ssb/studentCard/retrieveData" endpoint until a patch is available. As a temporary workaround, avoid using the modified `bannerId` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.