CVE-2017-1142

Summary

IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM Reference #: 1998874.

Affected Software

VendorProductVersion RangeStatus
IBM CorporationKenexa LCMS Premier on Cloud9.0affected
IBM CorporationKenexa LCMS Premier on Cloud9.1affected
IBM CorporationKenexa LCMS Premier on Cloud9.2affected
IBM CorporationKenexa LCMS Premier on Cloud9.2.1affected
IBM CorporationKenexa LCMS Premier on Cloud9.3.0affected
IBM CorporationKenexa LCMS Premier on Cloud9.4.0affected
IBM CorporationKenexa LCMS Premier on Cloud9.5.0affected
IBM CorporationKenexa LCMS Premier on Cloud10.0.0affected
IBM CorporationKenexa LCMS Premier on Cloud10.1.0affected
IBM CorporationKenexa LCMS Premier on Cloud10.2.0affected
IBM CorporationKenexa LCMS Premier on Cloud10.3.0affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References