Waseem Dayili

**Name of the Vulnerable Software and Affected Versions** Blackboard Learn version 1.10.1 **Description** The issue allows remote authenticated users to read unintended files by entering student credentials and then directly visiting a certain "webapps/bbcms/execute/" URL. The vendor disputes this, stating it cannot be reproduced. **Recommendations** For Blackboard Learn version 1.10.1, as a temporary workaround, consider restricting access to the "webapps/bbcms/execute/" URL until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.