Educause Security Discussion mailing list archives
FSA Notice on: Exploitation of Ellucian Banner System Vulnerability - update
From: "Jim A. Bole" <jbole () STEVENSON EDU>
Date: Wed, 7 Aug 2019 14:33:40 +0000
Josh, I see that FSA has acknowledged that Ellucian vulnerabilities were not exploited: https://ifap.ed.gov/eannouncements/080619ITSecurAlertExploitationEllucianBannerSysVulnerabilityUpdate1.html Did FSA provide any explanation as to how they made their initial determination and, more importantly, what they are doing to prevent this type of false attribution in the future? Jim Bole Director of Information Security Stevenson University 1525 Greenspring Valley Road Stevenson, MD, 21153-0641 jbole () stevenson edu | O: 443-334-2696 From: Sosnin, Josh <Josh.Sosnin () ELLUCIAN COM> Sent: Friday, July 19, 2019 9:23 PM Subject: Re: [EXT]: [SECURITY] FSA Notice on: Exploitation of Ellucian Banner System Vulnerability We have posted an update on this issue at the link below. Please feel free to reach out to me with any questions. https://www.ellucian.com/news/ellucian-banner-system-vulnerability-update Thanks, Josh -- Josh Sosnin | VP and CISO | ellucian CONFIDENTIALITY: This email (including any attachments) may contain confidential, proprietary and privileged information, and unauthorized disclosure or use is prohibited. If you received this email in error, please notify the sender and delete this email from your system. Thank you. From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> on behalf of Brian Kelly <bkelly () EDUCAUSE EDU<mailto:bkelly () EDUCAUSE EDU>> Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Date: Wednesday, July 17, 2019 at 8:50 PM To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>" <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Subject: [EXT]: [SECURITY] FSA Notice on: Exploitation of Ellucian Banner System Vulnerability **External Email** If your institution is running Banner Web Tailor versions 8.8.3, 8.8.4, and 8.9 and/or Banner Enterprise Identity Services versions 8.3, 8.3.1, 8.3.2, and 8.4, Fed Student Aid has a security alert about a vulnerability needing patching if it's not patched already: https://ifap.ed.gov/eannouncements/071719ITSecurAlertExploitationEllucianBannerSysVulnerability.html<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fifap.ed.gov%2Feannouncements%2F071719ITSecurAlertExploitationEllucianBannerSysVulnerability.html&data=02%7C01%7Cjosh.sosnin%40ELLUCIAN.COM%7C0247e5adc4554c96455808d70b19deea%7Cba4f1b25f4f74403892553e24140459f%7C0%7C0%7C636990078058860644&sdata=MTtSDC4ljNTvY8I5IBaB0b9%2B7%2BC%2BBvp73MpZ%2BOJHRi0%3D&reserved=0> Brian Kelly, CISSP, CISM, CEH Director, Cybersecurity Program EDUCAUSE Uncommon Thinking for the Common Good Follow HEISC on LinkedIn<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fshowcase%2Fhigher-education-information-security-council-heisc-%2F&data=02%7C01%7Cjosh.sosnin%40ELLUCIAN.COM%7C0247e5adc4554c96455808d70b19deea%7Cba4f1b25f4f74403892553e24140459f%7C0%7C0%7C636990078058860644&sdata=1ng%2BoI6fffW4Q5QgkeeRg9hZB0tHOXGqOKTdxvgdHyA%3D&reserved=0> | Twitter: @HEISCouncil | bkelly () educause edu<mailto:bkelly () educause edu> direct: 720.406.6757 | mobile 475.449.6440 | educause.edu<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.educause.edu%2F&data=02%7C01%7Cjosh.sosnin%40ELLUCIAN.COM%7C0247e5adc4554c96455808d70b19deea%7Cba4f1b25f4f74403892553e24140459f%7C0%7C0%7C636990078058870648&sdata=MPMnb1Uw3mGDJc7wsB4PipaF6hzR1Y%2FZnd13hEQbEWw%3D&reserved=0> 1150 18th Street, NW, Suite 900 Washington, DC 20036 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
<<attachment: winmail.dat>>
Current thread:
- FSA Notice on: Exploitation of Ellucian Banner System Vulnerability - update Jim A. Bole (Aug 07)
- Re: FSA Notice on: Exploitation of Ellucian Banner System Vulnerability - update Mahmud Rahman (Aug 07)