{"api_version":"1","generated_at":"2026-04-25T09:41:31+00:00","cve":"CVE-2008-3421","urls":{"html":"https://cve.report/CVE-2008-3421","api":"https://cve.report/api/cve/CVE-2008-3421.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2008-3421","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2008-3421"},"summary":{"title":"CVE-2008-3421","description":"Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) update_module.jsp, (2) enroll_course.pl, and (3) unenroll.jsp.","state":"PUBLISHED","assigner":"mitre","published_at":"2008-07-31 17:41:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-352","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43986","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43986","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://ceaseless.ws/bb-csrf/","name":"http://ceaseless.ws/bb-csrf/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["URL Repurposed"],"title":"Blackboard cross-site request forgeries","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/31177","name":"http://secunia.com/advisories/31177","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Blackboard Academic Suite Cross-Site Request Forgery Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1020559","name":"http://www.securitytracker.com/id?1020559","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Blackboard Academic Suite Input Validation Flaws Permit Cross-Site Request Forgery Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2008-3421","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-3421","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2008","cve_id":"3421","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"blackboard","cpe5":"blackboard_academic_suite","cpe6":"8.0.260.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T09:37:26.900Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"1020559","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1020559"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://ceaseless.ws/bb-csrf/"},{"name":"blackboard-unspecified-csrf(43986)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43986"},{"name":"31177","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/31177"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2008-07-25T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) update_module.jsp, (2) enroll_course.pl, and (3) unenroll.jsp."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-07T12:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"1020559","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1020559"},{"tags":["x_refsource_MISC"],"url":"http://ceaseless.ws/bb-csrf/"},{"name":"blackboard-unspecified-csrf(43986)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43986"},{"name":"31177","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/31177"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2008-3421","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) update_module.jsp, (2) enroll_course.pl, and (3) unenroll.jsp."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1020559","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1020559"},{"name":"http://ceaseless.ws/bb-csrf/","refsource":"MISC","url":"http://ceaseless.ws/bb-csrf/"},{"name":"blackboard-unspecified-csrf(43986)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43986"},{"name":"31177","refsource":"SECUNIA","url":"http://secunia.com/advisories/31177"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2008-3421","datePublished":"2008-07-31T17:00:00.000Z","dateReserved":"2008-07-31T00:00:00.000Z","dateUpdated":"2024-08-07T09:37:26.900Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2008-07-31 17:41:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-352","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:blackboard:blackboard_academic_suite:8.0.260.7:*:*:*:*:*:*:*","matchCriteriaId":"090EBB60-326B-442C-9CAF-3A4E3A058D84"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2008","CveId":"3421","Ordinal":"1","Title":"CVE-2008-3421","CVE":"CVE-2008-3421","Year":"2008"},"notes":[{"CveYear":"2008","CveId":"3421","Ordinal":"1","NoteData":"Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) update_module.jsp, (2) enroll_course.pl, and (3) unenroll.jsp.","Type":"Description","Title":"CVE-2008-3421"},{"CveYear":"2008","CveId":"3421","Ordinal":"2","NoteData":"2008-07-31","Type":"Other","Title":"Published"},{"CveYear":"2008","CveId":"3421","Ordinal":"3","NoteData":"2017-08-07","Type":"Other","Title":"Modified"}]}}}