CVE-2017-1143

Summary

IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM Reference #: 1998874.

Affected Software

VendorProductVersion RangeStatus
IBM CorporationKenexa LCMS Premier on Cloud9.0affected
IBM CorporationKenexa LCMS Premier on Cloud9.1affected
IBM CorporationKenexa LCMS Premier on Cloud9.2affected
IBM CorporationKenexa LCMS Premier on Cloud9.2.1affected
IBM CorporationKenexa LCMS Premier on Cloud9.3.0affected
IBM CorporationKenexa LCMS Premier on Cloud9.4.0affected
IBM CorporationKenexa LCMS Premier on Cloud9.5.0affected
IBM CorporationKenexa LCMS Premier on Cloud10.0.0affected
IBM CorporationKenexa LCMS Premier on Cloud10.1.0affected
IBM CorporationKenexa LCMS Premier on Cloud10.2.0affected
IBM CorporationKenexa LCMS Premier on Cloud10.3.0affected

Weaknesses

  • Obtain Information

ADP Enrichment

CVE Program Container

Additional References

References