IBM Kenexa LCMS Premier on Cloud 10.1 has addressed a vulnerability that could allow an authenticated user to obtain sensitive user data with specically crafted HTTP request
CVEID: CVE-2016-5949**
DESCRIPTION:** IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116094 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
9.1, 9.2, 9.3, 9.4, 9.5 10.0, 10.1
This issue has been addressed in IBM Kenexa LCMS Premier 10.1
Customers who are using an affected version should visit IBM Support Portal and open a Service Request (SR) to request an upgrade to latest fixed release.