CVE-2016-8928

Опубликовано: 01 фев. 2017

Источник: nvd

CVSS3: 7.6

CVSS2: 6.5

EPSS Низкий

Описание

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

Ссылки

http://www.ibm.com/support/docview.wss?uid=swg21992072
Patch
Vendor Advisory
http://www.securityfocus.com/bid/95447
Third Party Advisory
VDB Entry
http://www.ibm.com/support/docview.wss?uid=swg21992072
Patch
Vendor Advisory
http://www.securityfocus.com/bid/95447
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:kenexa_lms:4.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:kenexa_lms:4.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:kenexa_lms:4.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:kenexa_lms:4.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:kenexa_lms:4.2.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:kenexa_lms:5.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:kenexa_lms:5.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:kenexa_lms:5.2:*:*:*:*:*:*:*

EPSS

Процентиль: 57%

0.00353

Низкий

7.6 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-7r9q-pw5v-pg48