Directory Traversal Vulnerability in IBM Kenexa LMS on Cloud
CVE-2016-8933

6.5MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
1 February 2017

Summary

IBM Kenexa LMS on Cloud is susceptible to a directory traversal vulnerability that enables remote attackers to exploit dot dot sequences (/../) in URL requests. This flaw can lead to unauthorized access to arbitrary files on the host system, potentially exposing sensitive information. It is crucial for organizations using this platform to apply the recommended security measures provided by IBM to mitigate this risk.

Affected Version(s)

Kenexa LMS on Cloud 13.0

Kenexa LMS on Cloud 13.1

Kenexa LMS on Cloud 13.2

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.