Security-Blog
ILIAS 9.15
Following 6 security issues have been resolved:
0045738: Unauthenticated Remote Code Execution
0045898: Wiki: Unauthorized Access to LTI Settings
0045899: ilUIPluginRouterGUI: Unauthorized function calls
0045938: Query UI: Known vulnerability in version 1.13.1 (XSS)
0045897: MediaPool: Open/Unvalidated Redirect
0045975: SOAP: Unauthorized function calls
Affected Version(s) | 8.24, 9.14, 10.2 |
Fixed Version(s) | 8.25, 9.15, 10.3, 11.0 Beta 2 |
CVSS Score 4.0 | |
Reported by | Florian Wilkens (SRLabs Researchers) |
Affected Version(s) | 8.24, 9.14, 10.2 |
Fixed Version(s) | 8.25, 9.15, 10.3, 11.0 Beta 2 |
CVSS Score 4.0 | 6.9 |
Reported by | Ilja Lukin (Fachhochschule Dortmund) |
Affected Version(s) | 8.24, 9.14, 10.2 |
Fixed Version(s) | 8.25, 9.15, 10.3, 11.0 Beta 2 |
CVSS Score 4.0 | 6.9 |
Reported by | Ilja Lukin (Fachhochschule Dortmund) |
Affected Version(s) | 9.14 |
Fixed Version(s) | 9.15 |
CVSS Score 4.0 | |
Reported by | Robin Baumgartner (sr solutions) |
Affected Version(s) | 8.24, 9.14, 10.2 |
Fixed Version(s) | 8.25, 9.15, 10.3, 11.0 Beta 2 |
CVSS Score 4.0 | 4 |
Reported by | Michael Jansen (Databay AG) |
Affected Version(s) | 9.14, 10.2 |
Fixed Version(s) | 9.15, 10.3, 11.0 Beta 2 |
CVSS Score 4.0 | 6.9 |
Reported by | Matthias Stock (Hochschule Bielefeld) |