Banner Self-Service
Cross-Site Scripting Security Vulnerability
Banner Customers Click Here for Solution Details
SunGard Higher Education became aware of a potential security threat in August 2007 which could be perpetrated on the Banner Self-Service products. The company quickly addressed the threat, issued a customer notice and resolution communication, and posted a security update for Banner customers to apply on August 31, 2007.
On January 29, 2008 information about the vulnerability was posted to public security forums. Because of the renewed interest and Internet exposure, SunGard Higher Education again reached out to customers to encourage them strongly to apply the security update as soon as possible, if they had not already done so.
The vulnerability can only be exploited after a user has successfully logged on to Banner Self-Service and is enticed from an outside source, such as email or IM, to execute foreign code. The extent of the exposure would be limited to the scope of that user’s access during the current session. It is important for all users of SunGard Higher Education products, or any system, to understand that the execution of foreign code from an un-trusted source can have serious ramifications.
For detailed information on this security issue, Banner customers should visit the SunGard Higher Education Customer Support Center and review the FAQ 1-2P7TER which provides direction for taking corrective actions.
While the identified issue presents an exposure under a very limited circumstance, SunGard Higher Education considers all potential security issues critical and has strongly encouraged customers to take the recommended corrective actions as quickly as possible.
Customers who have questions or need additional information should visit the SunGard Higher Education Customer Support Center or call the SunGard Higher Education ActionLine.