SQL Injection Vulnerability in IBM Kenexa LCMS Premier
CVE-2016-9992

7.1HIGH

Key Information:

Vendor: IBM
Status: Kenexa Lcms Premier On Cloud
Vendor: CVE Published:; 1 March 2017

What is CVE-2016-9992?

IBM Kenexa LCMS Premier versions 9.0 and 10.0.0 are susceptible to an SQL injection vulnerability that could be exploited by remote attackers. By sending specially-crafted SQL statements, an attacker may gain unauthorized access to the back-end database, allowing them to view, modify, add, or delete sensitive information. This vulnerability poses a significant threat to data integrity and confidentiality.

Affected Version(s)

Kenexa LCMS Premier on Cloud = unspecified

Kenexa LCMS Premier on Cloud 9.0

Kenexa LCMS Premier on Cloud 9.1

References

http://www.ibm.com/support/docview.wss?uid=swg21992067

x_refsource_CONFIRM

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 1, 2017
Vulnerability Reserved
Dec 16, 2016