Vulnerabilities > IBM > Kenexa LMS ON Cloud

DATE CVE VULNERABILITY TITLE RISK
2017-02-01 CVE-2016-8920 Cross-site Scripting vulnerability in IBM Kenexa LMS on Cloud
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-8913 Path Traversal vulnerability in IBM Kenexa LMS on Cloud
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
6.5
2017-02-01 CVE-2016-8912 Information Exposure Through Log Files vulnerability in IBM Kenexa LMS on Cloud
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user.
network
low complexity
ibm CWE-532
4.3
2017-02-01 CVE-2016-8911 7PK - Security Features vulnerability in IBM Kenexa LMS on Cloud
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim.
network
low complexity
ibm CWE-254
5.4
2017-02-01 CVE-2016-6126 Path Traversal vulnerability in IBM Kenexa LMS on Cloud
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
6.5
2017-02-01 CVE-2016-6125 Cross-site Scripting vulnerability in IBM Kenexa LMS on Cloud
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-6124 Unrestricted Upload of File with Dangerous Type vulnerability in IBM Kenexa LMS on Cloud
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
network
low complexity
ibm CWE-434
8.8
2017-02-01 CVE-2016-6123 Cross-site Scripting vulnerability in IBM Kenexa LMS on Cloud
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
2017-02-01 CVE-2016-6122 Information Exposure vulnerability in IBM Kenexa LMS on Cloud
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response to authenticated users.
network
low complexity
ibm CWE-200
4.3
2017-02-01 CVE-2016-5939 SQL Injection vulnerability in IBM Kenexa LMS on Cloud
IBM Kenexa LMS on Cloud is vulnerable to SQL injection.
network
low complexity
ibm CWE-89
6.3