CVE-2024-8001

MEDIUM EPSS 49.7%
Published Nov 13, 20241y ago · Modified Jun 17, 20261w ago
6.9 CVSS 4.0
Medium
Find Similar
Published Nov 13, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability was found in VIWIS LMS 9.11. It has been classified as critical. Affected is an unknown function of the component Print Handler. The manipulation leads to missing authorization. It is possible to launch the attack remotely. A user with the role learner can use the administrative print function with an active session before and after an exam slot to access the entire exam including solutions in the web application. It is recommended to apply a patch to fix this issue.

CVSS Details

Base Score
6.9
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
49.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 2

CWE-862 Missing Authorization Authorization
CWE-863 Incorrect Authorization Authorization

Affected Products 1

VendorProductVersionRange
viwislearning_management_system9.11any

References 3

  • vuldb.com https://vuldb.com/?ctiid.284352
    Permissions Required
  • vuldb.com https://vuldb.com/?id.284352
    Third Party Advisory
  • scip.ch https://www.scip.ch/?news.20241203

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.