CVE-2016-8913

Summary

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Affected Software

VendorProductVersion RangeStatus
IBM CorporationKenexa LMS on Cloud13.0affected
IBM CorporationKenexa LMS on Cloud13.1affected
IBM CorporationKenexa LMS on Cloud13.2affected
IBM CorporationKenexa LMS on Cloud13.2.2affected
IBM CorporationKenexa LMS on Cloud13.2.3affected
IBM CorporationKenexa LMS on Cloud13.2.4affected
IBM CorporationKenexa LMS on Cloud14.0.0affected
IBM CorporationKenexa LMS on Cloud14.1.0affected
IBM CorporationKenexa LMS on Cloud14.2.0affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References