Security-Blog
ILIAS 10.2
The following 9 security issues have been resolved:
0045633: Test & Assessment: Stored XSS in Question Pool
0045635: WOPI: Open Redirect
0045738: Certificate: Unauthenticated Remote Code Execution
0045744: Test & Assessment: Unsafe operation during import
0045745: Certificate: Unsanitized SVG Files in Import
0045752: Test & Assessment: Authenticated RCE via Unsafe Deserialization
0045776: Rating: Missing CSRF Token in Rating request
0045777: Data Collection: Open/Unvalidated Redirect in DataCollections
0045801: Test & Assessment: Fixes Wrong Access Right Check and Route From Test to Question
| Affected Version(s) | Fixed Version(s) | CVSS Score 4.0 | Reported by |
| --- | --- | --- | --- |
| 8.23, 9.13, 10.1 | 8.24, 9.14, 10.2 | 8.5 | Matheus Zych (Databay AG) |
| 9.13, 10.1 | 9.14, 10.2 | 6.8 | Michael Jansen (Databay AG) |
| 8.23, 9.13, 10.1 | 8.24, 9.14, 10.2 | 7.7 | Florian Wilkens (SRLabs Researchers) |
| 8.23, 9.13, 10.1 | 8.24, 9.14, 10.2 | 7.5 | Florian Wilkens (SRLabs Researchers) |
| 8.23, 9.13, 10.1 | 8.24, 9.14, 10.2 | 5.9 | David Tokar (WEKA Media GmbH & Co. KG) |
| 8.23, 9.13, 10.1 | 8.24, 9.14, 10.2 | 7.5 | Florian Wilkens (SRLabs Researchers) |
| 8.23, 9.13, 10.1 | 8.24, 9.14, 10.2 | 7.1 | Michael Jansen (Databay AG) |
| 9.13, 10.1 | 9.14, 10.2 | 5.7 | Michael Jansen (Databay AG) |
| 8.23, 9.13, 10.1 | 8.24, 9.14, 10.2 | 7.6 | Ilja Lukin (FH Dortmund) |