CVE-2024-8001 MEDIUM

CVE-2024-8001: VIWIS LMS Print authorization

Vendor Viwis
Product LMS
Weakness CWE-862 · Missing authorization
Published November 13, 2024
Last update January 9, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in VIWIS LMS 9.11. It has been classified as critical. Affected is an unknown function of the component Print Handler. The manipulation leads to missing authorization. It is possible to launch the attack remotely. A user with the role learner can use the administrative print function with an active session before and after an exam slot to access the entire exam including solutions in the web application. It is recommended to apply a patch to fix this issue.

Key dates

02Disclosure timeline

November 13, 2024 CVE published
January 9, 2025 Record updated

Related vulnerabilities

04Related CVE