CVE-2016-6124

Опубликовано: 01 фев. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.

Ссылки

http://www.ibm.com/support/docview.wss?uid=swg21993982
Vendor Advisory
http://www.securityfocus.com/bid/94306
Third Party Advisory
VDB Entry
http://www.ibm.com/support/docview.wss?uid=swg21993982
Vendor Advisory
http://www.securityfocus.com/bid/94306
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.4:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02673

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-3j48-6389-rp2g