Vulnerability CVE-2016-5939


Published: 2017-02-01

Description:
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

Vendor: IBM
Product: Kenexa lms 
Version:
5.2
5.1
5.0
4.2.4
4.2.3
4.2.2
4.2
4.1
Product: Kenexa lms on cloud 
Version:
5.2
5.1
5.0
4.2.4
4.2.3
4.2.2
4.2
4.1

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.ibm.com/support/docview.wss?uid=swg21992129
http://www.securityfocus.com/bid/93523

Related CVE
CVE-2017-1713
IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134632.
CVE-2019-4034
IBM Content Navigator 3.0CD is could allow an attacker to execute arbitrary code on a user's workstation. When editing an executable file in ICN with Edit service, it will be executed on the user's workstation. IBM X-Force ID: 156000.
CVE-2018-1984
IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
CVE-2018-1983
IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
CVE-2018-1982
IBM Rational Team Concert 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
CVE-2018-1952
IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent...
CVE-2018-1929
IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 could allow a malicious user to be allowed to view any view if he knows the URL link of a the view, and access information that should not be able to see. IBM X-Force ID: 153120.
CVE-2018-1916
IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent...

Copyright 2019, cxsecurity.com

 

Back to Top