Vulnerabilities > IBM > Kenexa Lcms Premier

DATE CVE VULNERABILITY TITLE RISK
2017-03-27 CVE-2017-1143 Information Exposure vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-200
5.3
2017-03-27 CVE-2017-1142 Information Exposure vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode.
network
low complexity
ibm CWE-200
6.5
2017-03-01 CVE-2016-9994 SQL Injection vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
7.1
2017-03-01 CVE-2016-9993 SQL Injection vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
7.1
2017-03-01 CVE-2016-9992 SQL Injection vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
7.1
2017-02-01 CVE-2016-5952 SQL Injection vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
8.8
2017-02-01 CVE-2016-5951 Cross-site Scripting vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-5950 Credentials Management vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user.
network
low complexity
ibm CWE-255
6.5
2017-02-01 CVE-2016-5949 7PK - Security Features vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request.
network
low complexity
ibm CWE-254
4.3
2017-02-01 CVE-2016-5948 Cross-site Scripting vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4