Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Kenexa Lms Security Vulnerabilities

cve
cve

CVE-2016-5938

IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system.

3.3CVSS

4.8AI Score

0.0004EPSS

2017-02-01 10:59 PM
18
cve
cve

CVE-2016-5940

IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

5.4CVSS

5.7AI Score

0.0005EPSS

2017-02-01 10:59 PM
22
cve
cve

CVE-2016-5941

IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.

5.7CVSS

6.2AI Score

0.001EPSS

2017-02-01 10:59 PM
28
cve
cve

CVE-2016-5942

IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

5.4CVSS

5.7AI Score

0.0005EPSS

2017-02-01 10:59 PM
18
cve
cve

CVE-2016-8928

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

7.6CVSS

8AI Score

0.001EPSS

2017-02-01 10:59 PM
19
cve
cve

CVE-2016-8929

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

5.4CVSS

6.5AI Score

0.001EPSS

2017-02-01 10:59 PM
23
cve
cve

CVE-2016-8930

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

7.6CVSS

8AI Score

0.001EPSS

2017-02-01 10:59 PM
24
cve
cve

CVE-2016-8931

IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.

8.8CVSS

8.9AI Score

0.009EPSS

2017-02-01 10:59 PM
19
cve
cve

CVE-2016-8932

IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.

8.8CVSS

8.9AI Score

0.009EPSS

2017-02-01 10:59 PM
19
cve
cve

CVE-2016-8933

IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.

6.5CVSS

6.8AI Score

0.001EPSS

2017-02-01 10:59 PM
19
cve
cve

CVE-2016-8935

IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sess...

5.4CVSS

5.2AI Score

0.0005EPSS

2017-03-31 06:59 PM
19