VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 13, 2024· Updated Jan 9, 2025

VIWIS LMS Print authorization

CVE-2024-8001

Description

A vulnerability was found in VIWIS LMS 9.11. It has been classified as critical. Affected is an unknown function of the component Print Handler. The manipulation leads to missing authorization. It is possible to launch the attack remotely. A user with the role learner can use the administrative print function with an active session before and after an exam slot to access the entire exam including solutions in the web application. It is recommended to apply a patch to fix this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Missing authorization in VIWIS LMS 9.11 Print Handler allows learners to access exam solutions before/after exam slots.

Vulnerability

The vulnerability exists in the Print Handler component of VIWIS LMS version 9.11, where an administrative print function lacks proper authorization checks. This allows users with the learner role to access the print functionality, which should be restricted to administrators. The issue is classified as critical due to the potential for unauthorized access to sensitive exam data.

Exploitation

An attacker must have a valid learner account and an active session. By accessing the administrative print function before or after an exam slot, the attacker can remotely retrieve the entire exam content including solutions. No additional privileges or user interaction beyond the learner role are required [1].

Impact

Successful exploitation leads to unauthorized information disclosure, specifically the full exam questions and solutions. This compromises the integrity of exams and could allow learners to gain an unfair advantage. The scope is limited to the web application's exam data, but the impact is considered high due to the sensitivity of the information.

Mitigation

A patch is recommended by the vendor to fix the missing authorization. As of the publication date (2024-11-13), the patch is available. No workarounds are documented. Users should update to the latest version of VIWIS LMS to mitigate the vulnerability [1].

References
  1. Veröffentlichung einer Schwachstelle

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • VIWIS/LMSllm-fuzzy2 versions
    =9.11+ 1 more
    • (no CPE)range: =9.11
    • (no CPE)range: 9.11

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.