SQL Injection Vulnerability in IBM Kenexa LCMS Premier
CVE-2016-9992
7.1HIGH
Summary
IBM Kenexa LCMS Premier versions 9.0 and 10.0.0 are susceptible to an SQL injection vulnerability that could be exploited by remote attackers. By sending specially-crafted SQL statements, an attacker may gain unauthorized access to the back-end database, allowing them to view, modify, add, or delete sensitive information. This vulnerability poses a significant threat to data integrity and confidentiality.
Affected Version(s)
Kenexa LCMS Premier on Cloud = unspecified
Kenexa LCMS Premier on Cloud 9.0
Kenexa LCMS Premier on Cloud 9.1
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved