Potential Remote Attack on Print Handler Function in VIWIS LMS 9.11
CVE-2024-8001

6.9 MEDIUM

Key Information:

Vendor: Viwis

Status
Vendor
CVE Published: 13 November 2024

What is CVE-2024-8001?

A security flaw exists in the Print Handler component of VIWIS LMS 9.11, which can be exploited by users with learner roles. This vulnerability allows these users to bypass the intended authorization mechanisms, enabling them to access sensitive exam content and solutions through the administrative print function. The attack can be performed remotely, particularly before and after designated exam slots, posing a significant risk to the integrity of the examination process. Immediate patching is recommended to mitigate this vulnerability and protect against unauthorized access.

Affected Version(s)

LMS 9.11

References

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

Credit

Ralph Meier