vendor:
Blackboard Learning System
by:
Unknown
7.5
CVSS
HIGH
Improper Authorization
284
CWE
Product Name: Blackboard Learning System
Affected Version From: Blackboard Learning System - Basic Edition (release 6)
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE: Unknown
CPE: a:blackboard:learning_system
Platforms Tested: Unknown
Unknown
Blackboard Digital Dropbox File Download Vulnerability
Blackboard allows users to download files posted in the 'Digital Dropbox' without proper authorization. The application does not verify the requester's authorization, allowing anyone with the URI to download the file. An attacker can exploit this vulnerability to access potentially sensitive information.
Mitigation:
Implement proper authorization checks to ensure that only authorized users can download files from the 'Digital Dropbox'.