VYPR
Medium severity 6.5 · NVD Advisory · Published Feb 1, 2017 · Updated May 13, 2026

CVE-2016-5950

Description

IBM Kenexa LCMS Premier on Cloud stores user credentials in plain text, exposing them to any authenticated user.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

CVE-2016-5950 describes a vulnerability in IBM Kenexa LCMS Premier on Cloud where user credentials are stored in plain, clear text. The affected versions are those prior to the fix delivered in LCMS Premier 10.3. An authenticated user with any privilege level can read these stored credentials from the application's backend storage [1].

Exploitation

An attacker needs only valid authentication to the LCMS Premier on Cloud instance. No special privileges or additional user interaction are required. Once authenticated, the attacker can access the plain-text credentials of other users by reading the storage location where credentials are kept without encryption [1].

Impact

Successful exploitation results in the disclosure of other users' credentials. This compromises confidentiality (C) of user account information, potentially leading to privilege escalation or lateral movement within the application. The CVSS v3 base score is 6.5 (Medium) with a vector of AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating high impact to confidentiality with no impact to integrity or availability [1].

Mitigation

IBM released a fix in LCMS Premier on Cloud version 10.3 on or before the publication date of 2017-02-01. Users should upgrade to version 10.3 or later to remediate this vulnerability. No workarounds are documented in the available reference [1]. This CVE is not listed in the known exploited vulnerabilities (KEV) catalog.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

12
  • cpe:2.3:a:ibm:kenexa_lcms_premier:10.0:*:*:*:*:*:*:* + 10 more
    • cpe:2.3:a:ibm:kenexa_lcms_premier:10.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:kenexa_lcms_premier:10.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:kenexa_lcms_premier:10.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:kenexa_lcms_premier:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:kenexa_lcms_premier:9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:kenexa_lcms_premier:9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:kenexa_lcms_premier:9.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:kenexa_lcms_premier:9.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:kenexa_lcms_premier:9.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:kenexa_lcms_premier:9.5:*:*:*:*:*:*:*
    • (no CPE)
  • IBM Corporation/Kenexa LCMS Premier on Cloudv5
    Range: 9.0

References

2