SQL Injection Vulnerability in IBM Kenexa LMS on Cloud
CVE-2016-8930

7.6HIGH

Key Information:

Vendor: IBM
Status: Kenexa Lms On Cloud
Vendor: CVE Published:; 1 February 2017

Summary

IBM Kenexa LMS on Cloud is susceptible to SQL injection attacks, enabling remote attackers to execute crafted SQL statements. This vulnerability permits unauthorized access, allowing attackers to view, modify, or delete data stored in the back-end database. Organizations utilizing this platform should take immediate measures to secure their data and mitigate potential risks.

Affected Version(s)

Kenexa LMS on Cloud 13.0

Kenexa LMS on Cloud 13.1

Kenexa LMS on Cloud 13.2

References

http://www.ibm.com/support/docview.wss?uid=swg21992072

x_refsource_CONFIRM

http://www.securityfocus.com/bid/95449

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 1, 2017
Vulnerability Reserved
Oct 25, 2016