Kenexa Lms

CVEs (10)

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2016-8932	Hig	0.57	8.8	0.02	Feb 1, 2017	IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
CVE-2016-8931	Hig	0.57	8.8	0.02	Feb 1, 2017	IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
CVE-2016-8930	Hig	0.49	7.6	0.00	Feb 1, 2017	IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2016-8928	Hig	0.49	7.6	0.00	Feb 1, 2017	IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2016-8933	Med	0.42	6.5	0.01	Feb 1, 2017	IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.
CVE-2016-5941	Med	0.37	5.7	0.00	Feb 1, 2017	IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.
CVE-2016-8929	Med	0.35	5.4	0.00	Feb 1, 2017	IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2016-5942	Med	0.35	5.4	0.00	Feb 1, 2017	IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-5940	Med	0.35	5.4	0.00	Feb 1, 2017	IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-5938	Low	0.21	3.3	0.00	Feb 1, 2017	IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system.

CVE-2016-8932HigFeb 1, 2017
risk 0.57cvss 8.8epss 0.02
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
CVE-2016-8931HigFeb 1, 2017
risk 0.57cvss 8.8epss 0.02
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
CVE-2016-8930HigFeb 1, 2017
risk 0.49cvss 7.6epss 0.00
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2016-8928HigFeb 1, 2017
risk 0.49cvss 7.6epss 0.00
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2016-8933MedFeb 1, 2017
risk 0.42cvss 6.5epss 0.01
IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.
CVE-2016-5941MedFeb 1, 2017
risk 0.37cvss 5.7epss 0.00
IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.
CVE-2016-8929MedFeb 1, 2017
risk 0.35cvss 5.4epss 0.00
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2016-5942MedFeb 1, 2017
risk 0.35cvss 5.4epss 0.00
IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-5940MedFeb 1, 2017
risk 0.35cvss 5.4epss 0.00
IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2016-5938LowFeb 1, 2017
risk 0.21cvss 3.3epss 0.00
IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system.