Updates are available for the open learning platform ILIAS, used by universities, clinics, and other public institutions. The new versions 9.21, 10.9, and 11.2 close security vulnerabilities that affected all previous releases. Three of the vulnerabilities pose a high security risk, while the others pose a medium risk.
The warning and information service of CERT-Bund assesses the overall danger as critical. According to the service, attackers could exploit these vulnerabilities under certain conditions to bypass security measures, disclose sensitive information, or perform cross-site scripting attacks.
Admins should install the available updates. However, no active attacks based on these vulnerabilities have been observed yet.
Release and further information
The development team has published general information about the new features in the current versions. Download links for updating can also be found there.
Additionally, separate security notices were published – although with rather limited informational content –:
(ovw)
