VIWIS LMS 911 DC-2024-8001

2024-11-19

Platform: VIWIS LMS
Version: 9.11
Vulnerability: Missing Authorization in Print Handler
Severity: Critical
Date: November 13, 2024 (Published), November 19, 2024 (Last Modified)

:

A critical vulnerability exists in VIWIS LMS 9.11 that allows a remote attacker to access unauthorized data. The vulnerability resides in the Print Handler component and allows a learner to exploit missing authorization to access the entire exam, including solutions.

What Undercode Says:

This vulnerability is critical and allows unauthorized access to exam data. Learners can potentially gain access to solutions and compromise the integrity of exams. We recommend patching VIWIS LMS 9.11 immediately.

Additional Notes:

The NIST National Vulnerability Database (NVD) assigned a CVSS v4.0 base score of 6.9 (MEDIUM).

The vulnerability can be exploited remotely.

Disclaimer: This information is for educational purposes only. Please refer to official sources for the latest updates and remediation steps.

References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com

Image Source:

OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.helpFeatured Image

Scroll to Top