PT-2024-38746 · Viwis Lms · Viwis Lms

Ralph Meier · Published 2024-11-13 · Updated 2025-01-08 · CVE-2024-8001

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: VIWIS LMS version 9.11
Description: A critical issue was found in the Print Handler component, leading to missing authorization. This allows a user with the learner role and an active session to access the entire exam, including solutions, through the web application's administrative print function, both before and after an exam slot. The attack can be launched remotely.
Recommendations: For VIWIS LMS version 9.11, apply a patch to fix this issue. As a temporary workaround, consider restricting access to the administrative print function for users with the learner role until a patch is available.

Fix

Incorrect Authorization

Missing Authorization

Weakness Enumeration

Related Identifiers: CVE-2024-8001

Affected Products: Viwis Lms