CVE-2022-31266

EUVD-2022-52841
In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
Affected Products (NVD)
VendorProductVersion
iliasilias
𝑥
≤ 7.10
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://medium.com/%40bcksec/in-ilias-through-7-10-620c0de685ee
https://www.bcksec.com/services/
https://medium.com/%40bcksec/in-ilias-through-7-10-620c0de685ee
https://www.bcksec.com/services/