Security-Blog
ILIAS 10.3
Following 6 security issues have been resolved:
0045738: Unauthenticated Remote Code Execution
0045898: Wiki: Unauthorized Access to LTI Settings
0045899: ilUIPluginRouterGUI: Unauthorized function calls
0045910: fix: Verification of LTI Result Service Calls
0045897: MediaPool: Open/Unvalidated Redirect
0045975: SOAP: Unauthorized function calls
Affected Version(s) | 8.24, 9.14, 10.2 |
Fixed Version(s) | 8.25, 9.15, 10.3, 11.0 Beta 2 |
CVSS Score 4.0 | |
Reported by | Florian Wilkens (SRLabs Researchers) |
Affected Version(s) | 8.24, 9.14, 10.2 |
Fixed Version(s) | 8.25, 9.15, 10.3, 11.0 Beta 2 |
CVSS Score 4.0 | 6.9 |
Reported by | Ilja Lukin (Fachhochschule Dortmund) |
Affected Version(s) | 8.24, 9.14, 10.2 |
Fixed Version(s) | 8.25, 9.15, 10.3, 11.0 Beta 2 |
CVSS Score 4.0 | 6.9 |
Reported by | Ilja Lukin (Fachhochschule Dortmund) |
Affected Version(s) | 10.2 |
Fixed Version(s) | 10.3 |
CVSS Score 4.0 | |
Reported by | Fred Neumann (ILIAS open source e-Learning e.V.) |
Affected Version(s) | 8.24, 9.14, 10.2 |
Fixed Version(s) | 8.25, 9.15, 10.3, 11.0 Beta 2 |
CVSS Score 4.0 | 4 |
Reported by | Michael Jansen (Databay AG) |
Affected Version(s) | 9.14, 10.2 |
Fixed Version(s) | 9.15, 10.3, 11.0 Beta 2 |
CVSS Score 4.0 | 6.9 |
Reported by | Matthias Stock (Hochschule Bielefeld) |