CVE-2022-31266

Name of the Vulnerable Software and Affected Versions ILIAS versions prior to 7.11

Description The issue allows remote attackers to take over accounts due to a lack of verification when changing an email address on the Profile Page.

Recommendations For versions prior to 7.11, update to version 7.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the Profile Page or implementing additional verification steps for email address changes until a patch is available.