PT-2017-8914 · IBM · IBM Kenexa LMS on Cloud

Published: 2017-02-01 · Updated: 2017-02-07 · CVE-2016-6126

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM Kenexa LMS on Cloud versions 13.1 through 13.2.4

Description

The issue allows a remote attacker to traverse directories on the system by sending a specially-crafted URL request containing dot dot sequences (../) to view arbitrary files on the system.

Recommendations

For versions 13.1 through 13.2.4, update to a version that fixes the directory traversal issue to prevent attackers from accessing arbitrary files on the system.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2016-6126

Affected Products

IBM Kenexa LMS on Cloud