Educause Security Discussion mailing list archives

0-days reported in Blackboard


From: Steve Werby <steve.werby () UTSA EDU>
Date: Fri, 16 Sep 2011 22:00:20 -0500

Zero-day holes found in the Blackboard learning platform
http://www.scmagazine.com.au/News/272215,millions-of-student-exams-tests-and-data-exposed.aspx

Multiple zero-day security vulnerabilities have been found in the world’s most popular educational software - holes 
that allow students to change grades and download unpublished exams, whilst allowing criminals to steal personal 
information...The problems relate to default configuration and web application vulnerabilities present in all versions 
of the Blackboard Learn system....the vulnerabilities would remain unpatched until the first service pack update is 
delivered “prior to the end of the year”...the issue was initially logged (in July) to our client support team...We 
issued a support bulletin to Blackboard Learn clients today after completing our review of the issues.

It's not surprising that Blackboard is continuing down their old path concerning the handling of vulnerabilities.

Is anyone familiar with the details and able to share them? Can anyone share the support bulletin? If any of you have 
implemented compensating controls, can you share what steps you took?

-- 
Steve Werby
Information Security Officer
The University of Texas at San Antonio
