CVE-2023-1632

Name of the Vulnerable Software and Affected Versions Ellucian Banner Web Tailor version 8.6

Description A critical vulnerability has been found in the Login Page component of Ellucian Banner Web Tailor. The issue affects unknown code of the file /PROD ar/twbkwbis.P FirstMenu. The manipulation of the PIDM/WEBID argument leads to improper authorization. This can be initiated remotely, and after submitting proper login credentials, it becomes possible to generate new valid session identifiers on the OTP page.

Recommendations For Ellucian Banner Web Tailor version 8.6, consider restricting access to the Login Page component until a patch is available. As a temporary workaround, avoid using the PIDM/WEBID argument in the affected login functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.