Session Cookie Security Flaw in IBM Kenexa LCMS Premier on Cloud
CVE-2017-1142

6.5MEDIUM

Key Information:

Vendor: IBM
Status: Kenexa Lcms Premier On Cloud
Vendor: CVE Published:; 27 March 2017

Summary

A session cookie security issue exists in IBM Kenexa LCMS Premier on Cloud versions 9.x and 10.0. This vulnerability allows remote attackers to capture sensitive information by intercepting the transmission of session cookies, as the secure flag is not set when SSL mode is enabled. Consequently, intercepted cookies can lead to unauthorized access to sensitive data stored within the affected application.

Affected Version(s)

Kenexa LCMS Premier on Cloud 9.0

Kenexa LCMS Premier on Cloud 9.1

Kenexa LCMS Premier on Cloud 9.2

References

http://www.ibm.com/support/docview.wss?uid=swg21998874

x_refsource_CONFIRM

http://www.securityfocus.com/bid/97081

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 27, 2017
Vulnerability Reserved
Nov 30, 2016