Cross-Site Request Forgery Vulnerability in IBM Kenexa LCMS Premier on Cloud
CVE-2016-5937

8.8 HIGH

Key Information:

Vendor: IBM
CVE Published: 1 February 2017

Summary

IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery (CSRF), a class of vulnerability that lets an attacker cause a trusted user to perform unauthorized actions. The attack works by tricking the user into submitting a crafted request, potentially compromising sensitive information and operations within the application. Users should make sure they are protected by proper security measures, including request validation and user authentication.

Affected Version(s)

Kenexa LCMS Premier on Cloud = unspecified

Kenexa LCMS Premier on Cloud 9.0

Kenexa LCMS Premier on Cloud 9.1

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
