Information Disclosure in IBM Kenexa LCMS Premier on Cloud
CVE-2016-5949

4.3MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
1 February 2017

Summary

IBM Kenexa LCMS Premier on Cloud is susceptible to a vulnerability that can be exploited by an authenticated user. This issue arises when a specially crafted HTTP request is sent, which can lead to the unauthorized retrieval of sensitive user data. Organizations utilizing this cloud service should be aware of the potential risks and implement necessary mitigations.

Affected Version(s)

Kenexa LCMS Premier on Cloud 9.0

Kenexa LCMS Premier on Cloud 9.1

Kenexa LCMS Premier on Cloud 9.2

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.