VYPR
← All advisories
Medium severity4.3NVD Advisory· Published Feb 1, 2017· Updated May 13, 2026

CVE-2016-5949

CVE-2016-5949

Description

IBM Kenexa LCMS Premier on Cloud allows authenticated users to obtain sensitive data via a crafted HTTP request.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM Kenexa LCMS Premier on Cloud allows authenticated users to obtain sensitive data via a crafted HTTP request.

Vulnerability

IBM Kenexa LCMS Premier on Cloud versions 9.1, 9.2, 9.3, 9.4, 9.5, 10.0, and 10.1 contain a vulnerability that allows an authenticated user to obtain sensitive user data by sending a specially crafted HTTP request [1]. The vulnerability requires the attacker to be an authenticated user of the application.

Exploitation

An attacker with valid user credentials can craft a malicious HTTP request and send it to an affected instance of IBM Kenexa LCMS Premier on Cloud [1]. The attacker does not require any special privileges beyond standard user authentication, and the attack can be performed over the network without user interaction.

Impact

Successful exploitation of this vulnerability results in the disclosure of sensitive user data, impacting the confidentiality of the application [1]. The CVSS v3 base score is 4.3, with the vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, indicating low confidentiality impact with no impact on integrity or availability [1].

Mitigation

IBM addressed this vulnerability in IBM Kenexa LCMS Premier 10.1. Customers using an affected version should contact IBM Support to request an upgrade to the latest fixed release [1].

References
  1. Security Bulletin: IBM Kenexa LCMS Premier on Cloud has addressed (CVE-2016-5949)

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

9
  • IBM/Kenexa Lcms Premier8 versions
    cpe:2.3:a:ibm:kenexa_lcms_premier:10.0:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:a:ibm:kenexa_lcms_premier:10.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:kenexa_lcms_premier:10.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:kenexa_lcms_premier:9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:kenexa_lcms_premier:9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:kenexa_lcms_premier:9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:kenexa_lcms_premier:9.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:kenexa_lcms_premier:9.5:*:*:*:*:*:*:*
    • (no CPE)
  • IBM Corporation/Kenexa LCMS Premier on Cloudv5
    Range: 9.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.