CVE-2008-3421

Name of the Vulnerable Software and Affected Versions Blackboard Academic Suite version 8.0.260.7

Description The issue affects the authentication of student users, allowing remote attackers to hijack it for requests that change configuration and enrollments. This is achieved through unspecified input to API endpoints such as "update module.jsp", "enroll course.pl", and "unenroll.jsp".

Recommendations For Blackboard Academic Suite version 8.0.260.7, consider restricting access to the update module.jsp, enroll course.pl, and unenroll.jsp endpoints until a patch is available. As a temporary workaround, restrict the ability to change configuration and enrollments to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.