Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
IBM Corporation

Kenexa LMS on Cloud

9 Versions 21 CVEs

Versions

13.2.4

SEMANTIC 21 CVEs

13.2.3

SEMANTIC 21 CVEs

13.0

MAJOR_MINOR 21 CVEs

13.2.2

SEMANTIC 21 CVEs

13.2

MAJOR_MINOR 21 CVEs

13.1

MAJOR_MINOR 21 CVEs

14.1.0

SEMANTIC 21 CVEs

14.0.0

SEMANTIC 21 CVEs

14.2.0

SEMANTIC 21 CVEs

Recent CVEs

CVE-2016-8935

IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999483.

UNKNOWN Mar 31, 2017

CVE-2016-8932

IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.

UNKNOWN Feb 01, 2017

CVE-2016-8928

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

UNKNOWN Feb 01, 2017

CVE-2016-8933

IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.

UNKNOWN Feb 01, 2017

CVE-2016-8931

IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.

UNKNOWN Feb 01, 2017

CVE-2016-8930

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

UNKNOWN Feb 01, 2017

CVE-2016-8911

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.

UNKNOWN Feb 01, 2017

CVE-2016-8913

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

UNKNOWN Feb 01, 2017

CVE-2016-8920

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

UNKNOWN Feb 01, 2017

CVE-2016-8912

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user.

UNKNOWN Feb 01, 2017