Vulnerabilities > Ilias > Ilias > 7.12
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-25 | CVE-2023-36485 | Unspecified vulnerability in Ilias The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file. | 7.2 |
| 2023-12-25 | CVE-2023-36486 | Unspecified vulnerability in Ilias The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename. | 7.2 |
| 2023-06-29 | CVE-2023-36487 | Unspecified vulnerability in Ilias The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the account. | 9.8 |
| 2022-12-07 | CVE-2022-45915 | OS Command Injection vulnerability in Ilias ILIAS before 7.16 allows OS Command Injection. | 8.8 |
| 2022-12-07 | CVE-2022-45916 | Cross-site Scripting vulnerability in Ilias ILIAS before 7.16 allows XSS. | 5.4 |
| 2022-12-07 | CVE-2022-45917 | Open Redirect vulnerability in Ilias ILIAS before 7.16 has an Open Redirect. | 6.1 |
| 2022-12-07 | CVE-2022-45918 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Ilias ILIAS before 7.16 allows External Control of File Name or Path. | 6.5 |