CVE-2016-8932

Опубликовано: 01 фев. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.

Ссылки

http://www.ibm.com/support/docview.wss?uid=swg21992072
Patch
Vendor Advisory
http://www.securityfocus.com/bid/95443
Third Party Advisory
VDB Entry
http://www.ibm.com/support/docview.wss?uid=swg21992072
Patch
Vendor Advisory
http://www.securityfocus.com/bid/95443
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:kenexa_lms:4.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:kenexa_lms:4.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:kenexa_lms:4.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:kenexa_lms:4.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:kenexa_lms:4.2.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:kenexa_lms:5.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:kenexa_lms:5.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:kenexa_lms:5.2:*:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.0212

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-284

Связанные уязвимости

GHSA-pvcq-89fj-q56f