CVE-2016-8929

Опубликовано: 01 фев. 2017

Источник: nvd

CVSS3: 5.4

CVSS2: 5.5

EPSS Низкий

Описание

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

Ссылки

http://www.ibm.com/support/docview.wss?uid=swg21992072
Patch
Vendor Advisory
http://www.securityfocus.com/bid/95437
Third Party Advisory
VDB Entry
http://www.ibm.com/support/docview.wss?uid=swg21992072
Patch
Vendor Advisory
http://www.securityfocus.com/bid/95437
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:kenexa_lms:4.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:kenexa_lms:4.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:kenexa_lms:4.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:kenexa_lms:4.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:kenexa_lms:4.2.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:kenexa_lms:5.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:kenexa_lms:5.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:kenexa_lms:5.2:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.00275

Низкий

5.4 Medium

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-p83f-8vjf-254c