Potential Remote Attack on Print Handler Function in VIWIS LMS 9.11
CVE-2024-8001

6.9MEDIUM

Key Information:

Vendor

Viwis

Status
Lms
Vendor
CVE Published:
13 November 2024

What is CVE-2024-8001?

A security flaw exists in the Print Handler component of VIWIS LMS 9.11, which can be exploited by users with learner roles. This vulnerability allows these users to bypass the intended authorization mechanisms, enabling them to access sensitive exam content and solutions through the administrative print function. The attack can be performed remotely, particularly before and after designated exam slots, posing a significant risk to the integrity of the examination process. Immediate patching is recommended to mitigate this vulnerability and protect against unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

LMS 9.11

References

https://vuldb.com/?id.284352
vdb-entry
https://vuldb.com/?ctiid.284352
signaturepermissions-required
https://www.scip.ch/?news.20241203
related

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

Credit

Ralph Meier
JSON
.