
Security Advisory - LRN-128071 - XSS Vulnerability

Question asked by rs0048203 on Apr 26, 2018

Security Advisory - LRN-128071 - XSS Vulnerability in File Uploads Could Allow Information Disclosure

https://blackboard.secure.force.com/btbb_articleview?id=kAA3900000000K7

We are currently using Q4 2017 CU2 on Test and Integration and Q4 2016 CU6 on Production.

Confirmed with Bb Support that in EVERY Bb Release - even if Authorization Vulnerability is Not Affected (ex: Q4 2016 CU6) OR if the Product is not listed (ex: Q4 2017 CU2):

Clients should also ensure the "Global Safe HTML Filter" is enabled and set to the strictest setting.

So, Bb Support recommends that Safe HTML Filters->Global Safe HTML Filter->Filtering Mode='All HTML'

Since this would have major user impact (example: Users with some special characters in passwords would not be able to log in), we continue to work with Bb Support to identify all potential impacts.
