CVE-2016-8933

Summary

IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.

Affected Software

VendorProductVersion RangeStatus
IBM CorporationKenexa LMS on Cloud13.0affected
IBM CorporationKenexa LMS on Cloud13.1affected
IBM CorporationKenexa LMS on Cloud13.2affected
IBM CorporationKenexa LMS on Cloud13.2.2affected
IBM CorporationKenexa LMS on Cloud13.2.3affected
IBM CorporationKenexa LMS on Cloud13.2.4affected
IBM CorporationKenexa LMS on Cloud14.0.0affected
IBM CorporationKenexa LMS on Cloud14.1.0affected
IBM CorporationKenexa LMS on Cloud14.2.0affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References