Security-Blog
ILIAS 10.4
The following 8 security issues have been resolved:
0046023: SOAP: Unauthorized function calls
0046024: SOAP: Unauthorized data exposure
0046025: SOAP: Missing source permission check
0046496: ilServer: Apache Tika multiple XXE vulnerabilities
0045883: BackgroundTasks: Missing CSRF token for two commands in ilBTControllerGUI
0045884: BackgroundTasks: Open redirect in ilBTControllerGUI
0045900: BackgroundTasks: Unauthorized deletion of tasks
0045905: Repository: Stored XSS via SVG file upload of custom icons

0046023: SOAP: Unauthorized function calls
Affected Version(s) | 9.15, 10.3
Fixed Version(s) | 9.16, 10.4
CVSS Score 4.0 | 6.9
Reported by | André Schweigert (FAU|ILIAS)

0046024: SOAP: Unauthorized data exposure
Affected Version(s) | 9.15, 10.3
Fixed Version(s) | 9.16, 10.4
CVSS Score 4.0 | 6.8
Reported by | André Schweigert (FAU|ILIAS)

0046025: SOAP: Missing source permission check
Affected Version(s) | 9.15, 10.3
Fixed Version(s) | 9.16, 10.4
CVSS Score 4.0 | 6.1
Reported by | André Schweigert (FAU|ILIAS)

0046496: ilServer: Apache Tika multiple XXE vulnerabilities
Affected Version(s) | 9.15, 10.3, 11.0 Beta1
Fixed Version(s) | 9.16, 10.4, 11.0 Beta2
CVSS Score | 10
CVE-ID | CVE-2025-66516

0045883: BackgroundTasks: Missing CSRF token for two commands in ilBTControllerGUI
Affected Version(s) | 8.25, 9.15, 10.3, 11.0 Alpha
Fixed Version(s) | 8.26, 9.16, 10.4, 11.0 Beta2
CVSS Score 4.0 | 4.8
Reported by | Michael Jansen (Databay AG)

0045884: BackgroundTasks: Open redirect in ilBTControllerGUI
Affected Version(s) | 8.25, 9.15, 10.3, 11.0 Alpha
Fixed Version(s) | 8.26, 9.16, 10.4, 11.0 Beta2
CVSS Score 4.0 | 5.7
Reported by | Michael Jansen (Databay AG)

0045900: BackgroundTasks: Unauthorized deletion of tasks
Affected Version(s) | 8.25, 9.15, 10.3, 11.0 Alpha
Fixed Version(s) | 8.26, 9.16, 10.4, 11.0 Beta2
CVSS Score 4.0 | 6.9
Reported by | Ilja Lukin (Fachhochschule Dortmund)

0045905: Repository: Stored XSS via SVG file upload of custom icons
Affected Version(s) | 8.25, 9.15, 10.3, 11.0 Alpha
Fixed Version(s) | 8.26, 9.16, 10.4, 11.0 Beta2
CVSS Score 4.0 | 5.5
Reported by |