Kenexa LMS on Cloud

CVEs (21)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2016-8932	IBM Kenexa Lms	Hig	0.57	8.8	0.02	Feb 1, 2017	IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
CVE-2016-8931	IBM Kenexa Lms	Hig	0.57	8.8	0.02	Feb 1, 2017	IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
CVE-2016-6124	IBM Kenexa Lms	Hig	0.57	8.8	0.02	Feb 1, 2017	IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
CVE-2016-8930	IBM Kenexa Lms	Hig	0.49	7.6	0.01	Feb 1, 2017	IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2016-8928	IBM Kenexa Lms	Hig	0.49	7.6	0.01	Feb 1, 2017	IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2016-8933	IBM Kenexa Lms	Med	0.42	6.5	0.02	Feb 1, 2017	IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.
CVE-2016-8913	IBM Kenexa Lms	Med	0.42	6.5	0.02	Feb 1, 2017	IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVE-2016-6126	IBM Kenexa Lms	Med	0.42	6.5	0.02	Feb 1, 2017	IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVE-2016-5939	IBM Kenexa Lms	Med	0.41	6.3	0.01	Feb 1, 2017	IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2016-5941	IBM Kenexa Lms	Med	0.37	5.7	0.02	Feb 1, 2017	IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.
CVE-2016-8935	IBM Kenexa Lms	Med	0.35	5.4	0.01	Mar 31, 2017	IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure…
CVE-2016-8929	IBM Kenexa Lms	Med	0.35	5.4	0.01	Feb 1, 2017	IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2016-5942	IBM Kenexa Lms	Med	0.35	5.4	0.01	Feb 1, 2017	IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-5940	IBM Kenexa Lms	Med	0.35	5.4	0.01	Feb 1, 2017	IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-8920	IBM Kenexa Lms	Med	0.35	5.4	0.01	Feb 1, 2017	IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-8911	IBM Kenexa Lms	Med	0.35	5.4	0.01	Feb 1, 2017	IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly…
CVE-2016-6125	IBM Kenexa Lms	Med	0.35	5.4	0.01	Feb 1, 2017	IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-6123	IBM Kenexa Lms	Med	0.35	5.4	0.01	Feb 1, 2017	IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-8912	IBM Kenexa Lms	Med	0.28	4.3	0.01	Feb 1, 2017	IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user.
CVE-2016-6122	IBM Kenexa Lms	Med	0.28	4.3	0.01	Feb 1, 2017	IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response to authenticated users.

CVE-2016-8932HigFeb 1, 2017
IBM
Kenexa Lms
risk 0.57cvss 8.8epss 0.02
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
CVE-2016-8931HigFeb 1, 2017
IBM
Kenexa Lms
risk 0.57cvss 8.8epss 0.02
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
CVE-2016-6124HigFeb 1, 2017
IBM
Kenexa Lms
risk 0.57cvss 8.8epss 0.02
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
CVE-2016-8930HigFeb 1, 2017
IBM
Kenexa Lms
risk 0.49cvss 7.6epss 0.01
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2016-8928HigFeb 1, 2017
IBM
Kenexa Lms
risk 0.49cvss 7.6epss 0.01
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2016-8933MedFeb 1, 2017
IBM
Kenexa Lms
risk 0.42cvss 6.5epss 0.02
IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.
CVE-2016-8913MedFeb 1, 2017
IBM
Kenexa Lms
risk 0.42cvss 6.5epss 0.02
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVE-2016-6126MedFeb 1, 2017
IBM
Kenexa Lms
risk 0.42cvss 6.5epss 0.02
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVE-2016-5939MedFeb 1, 2017
IBM
Kenexa Lms
risk 0.41cvss 6.3epss 0.01
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2016-5941MedFeb 1, 2017
IBM
Kenexa Lms
risk 0.37cvss 5.7epss 0.02
IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.
CVE-2016-8935MedMar 31, 2017
IBM
Kenexa Lms
risk 0.35cvss 5.4epss 0.01
IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure…
CVE-2016-8929MedFeb 1, 2017
IBM
Kenexa Lms
risk 0.35cvss 5.4epss 0.01
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2016-5942MedFeb 1, 2017
IBM
Kenexa Lms
risk 0.35cvss 5.4epss 0.01
IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-5940MedFeb 1, 2017
IBM
Kenexa Lms
risk 0.35cvss 5.4epss 0.01
IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-8920MedFeb 1, 2017
IBM
Kenexa Lms
risk 0.35cvss 5.4epss 0.01
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-8911MedFeb 1, 2017
IBM
Kenexa Lms
risk 0.35cvss 5.4epss 0.01
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly…
CVE-2016-6125MedFeb 1, 2017
IBM
Kenexa Lms
risk 0.35cvss 5.4epss 0.01
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-6123MedFeb 1, 2017
IBM
Kenexa Lms
risk 0.35cvss 5.4epss 0.01
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-8912MedFeb 1, 2017
IBM
Kenexa Lms
risk 0.28cvss 4.3epss 0.01
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user.
CVE-2016-6122MedFeb 1, 2017
IBM
Kenexa Lms
risk 0.28cvss 4.3epss 0.01
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response to authenticated users.

Page 1 of 2