Cross-Site Request Forgery Vulnerability in IBM Kenexa LCMS Premier on Cloud
CVE-2016-5937
8.8HIGH
Summary
IBM Kenexa LCMS Premier on Cloud is susceptible to cross-site request forgery, a type of vulnerability that allows attackers to manipulate trusted users into executing unauthorized actions. This occurs when an attacker tricks a user into submitting a crafted request, potentially compromising sensitive information and operations within the application. Users must ensure they are protected by implementing proper security measures, including request validation and user authentication.
Affected Version(s)
Kenexa LCMS Premier on Cloud = unspecified
Kenexa LCMS Premier on Cloud 9.0
Kenexa LCMS Premier on Cloud 9.1
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved