Skip to main content

Internet Campus Solution

3 CVEs product

Monthly

CVE-2020-8434 CRITICAL Act Now

Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Internet Campus Solution
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2019-10012 HIGH POC This Week

Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager (for .NET) plugin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

File Upload Internet Campus Solution Moxiemanager
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2019-10011 CRITICAL Act Now

ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campus Solution) before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Internet Campus Solution
NVD
CVSS 3.0
9.8
EPSS
2.1%
EPSS 1% CVSS 9.8
CRITICAL Act Now

Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Internet Campus Solution
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager (for .NET) plugin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

File Upload Internet Campus Solution Moxiemanager
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS (aka Internet Campus Solution) before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Internet Campus Solution
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy