Arbitrary File Upload Vulnerability in IBM Kenexa LMS on Cloud
CVE-2016-8932

8.8HIGH

Key Information:

Vendor
IBM
Vendor
CVE Published:
1 February 2017

Summary

IBM Kenexa LMS on Cloud has a vulnerability that enables an attacker to upload arbitrary files. This flaw could be exploited to execute malicious code on the server, compromising the security and integrity of the application. The issue arises from inadequate validation of uploaded files, which allows users to bypass security controls and execute unauthorized commands.

Affected Version(s)

Kenexa LMS on Cloud 13.0

Kenexa LMS on Cloud 13.1

Kenexa LMS on Cloud 13.2

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.