Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
IBM Corporation

Kenexa LCMS Premier on Cloud

12 Versions 11 CVEs

Versions

9.3.0

SEMANTIC 11 CVEs

9.2.1

SEMANTIC 11 CVEs

unspecified

OTHER 4 CVEs

9.2

MAJOR_MINOR 11 CVEs

10.2.0

SEMANTIC 11 CVEs

9.1

MAJOR_MINOR 11 CVEs

9.4.0

SEMANTIC 11 CVEs

10.1.0

SEMANTIC 11 CVEs

9.0

MAJOR_MINOR 11 CVEs

9.5.0

SEMANTIC 11 CVEs

10.0.0

SEMANTIC 11 CVEs

10.3.0

SEMANTIC 2 CVEs

Recent CVEs

CVE-2017-1142

IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM Reference #: 1998874.

UNKNOWN Mar 27, 2017

CVE-2016-9993

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067.

UNKNOWN Mar 01, 2017

CVE-2016-9994

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1976805.

UNKNOWN Mar 01, 2017

CVE-2016-9992

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067.

UNKNOWN Mar 01, 2017

CVE-2016-5937

IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

UNKNOWN Feb 01, 2017

CVE-2016-5949

IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request.

UNKNOWN Feb 01, 2017

CVE-2016-5951

IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

UNKNOWN Feb 01, 2017

CVE-2016-5948

IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

UNKNOWN Feb 01, 2017

CVE-2016-5952

IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

UNKNOWN Feb 01, 2017

CVE-2016-5950

IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user.

UNKNOWN Feb 01, 2017