Vulnerabilities > IBM > Kenexa Lcms Premier > 10.1

DATE CVE VULNERABILITY TITLE RISK
2017-03-01 CVE-2016-9993 SQL Injection vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
7.1
2017-03-01 CVE-2016-9992 SQL Injection vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
7.1
2017-02-01 CVE-2016-5951 Cross-site Scripting vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-5950 Credentials Management vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user.
network
low complexity
ibm CWE-255
6.5
2017-02-01 CVE-2016-5949 7PK - Security Features vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request.
network
low complexity
ibm CWE-254
4.3
2017-02-01 CVE-2016-5948 Cross-site Scripting vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-5937 Cross-Site Request Forgery (CSRF) vulnerability in IBM Kenexa Lcms Premier
IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8