Security Experts:

Connect with us

Hi, what are you looking for?


Application Security

Hackers Compromise 62 Colleges via Campus ERP Platform

Hackers have managed to compromise 62 colleges and universities by exploiting a vulnerability in the Ellucian Banner system, the U.S. Department of Education warns.

Hackers have managed to compromise 62 colleges and universities by exploiting a vulnerability in the Ellucian Banner system, the U.S. Department of Education warns.

The vulnerability resides in Banner Web Tailor, a tool designed for registration, curriculum management, advising, administration, and reporting. It allows students to access and change their registration, graduation, and financial aid information. Ellucian Banner Enterprise Identity Services is also impacted. 

Tracked as CVE-2019-8978, the issue is triggered when SSO Manager is used as the authentication mechanism for Web Tailor. This could result in information disclosure and loss of data integrity for the impacted users, Joshua Mulliken explains in an advisory

The vulnerability was discovered in December 2018 and a patch has been available for a couple of months. Only Ellucian Banner Web Tailor versions 8.8.3, and 8.8.4, and Banner Enterprise Identity Services versions 8.3, 8.3.1, 8.3.2, and 8.4 are affected by the security flaw. 

Attackers targeting the vulnerability can steal a victim’s session and then log into the Banner system. The attackers would then be able to perform various operations, depending on the administrative privileges granted to the affected account. 

“The Department has identified 62 colleges or universities that have been affected by exploitation of this vulnerability. We have also recently received information that indicates criminal elements have been actively scanning the internet looking for institutions to victimize through this vulnerability and developing lists of institutions for targeting with this exploitation,” the Department of Education warns.

Once the attackers gain access to the system, they leverage scripts in the admissions or enrollment sections to create multiple student accounts, the alert reads. 

Affected institutions reported the creation of at least 600 fake or fraudulent student accounts within a 24-hour period. Over the course of multiple days, the attackers created thousands of fake student accounts, some of which were leveraged almost immediately for criminal activity. 

“Although it was reported that attackers can leverage the vulnerability discussed above to create accounts, Ellucian believes this is not correct. The issue described in the alert is not believed to be related to the previously patched Ellucian Banner System vulnerability and is not exclusive to institutions using Ellucian products,” Ellucian claims

The company notes that the attackers are utilizing bots to submit fraudulent admissions applications and to obtain institution email addresses through accessing application portals.

The company also notes that, while Banner Web Tailor 8.9 was also listed as affected by the vulnerability, it is not affected. Patches for the impacted software versions were released on May 14, 2019 and are included in all subsequent roll-up software releases, the company says. 

“There is no indication that student or institutional data has been compromised. The patched vulnerability is extremely difficult to exploit and unlikely to occur outside of a laboratory setting,” Ellucian says. 

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


A high-severity format string vulnerability in F5 BIG-IP can be exploited to cause a DoS condition and potentially execute arbitrary code.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.