Lucene search

IbmCVE-2016-8929

HistoryFeb 01, 2017 - 10:59 p.m.

CVE-2016-8929

2017-02-0122:59:00

CWE-89

ibm

web.nvd.nist.gov

ibm kenexa

lms

cloud

sql injection

vulnerability

security

nvd

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

39.6%

JSON

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

Affected configurations

Nvd

Vulners

Node

ibmkenexa_lmsMatch4.1

ibmkenexa_lmsMatch4.2

ibmkenexa_lmsMatch4.2.2

ibmkenexa_lmsMatch4.2.3

ibmkenexa_lmsMatch4.2.4

ibmkenexa_lmsMatch5.0

ibmkenexa_lmsMatch5.1

ibmkenexa_lmsMatch5.2

VendorProductVersionCPE
ibmkenexa_lms4.1cpe:2.3:a:ibm:kenexa_lms:4.1:*:*:*:*:*:*:*
ibmkenexa_lms4.2cpe:2.3:a:ibm:kenexa_lms:4.2:*:*:*:*:*:*:*
ibmkenexa_lms4.2.2cpe:2.3:a:ibm:kenexa_lms:4.2.2:*:*:*:*:*:*:*
ibmkenexa_lms4.2.3cpe:2.3:a:ibm:kenexa_lms:4.2.3:*:*:*:*:*:*:*
ibmkenexa_lms4.2.4cpe:2.3:a:ibm:kenexa_lms:4.2.4:*:*:*:*:*:*:*
ibmkenexa_lms5.0cpe:2.3:a:ibm:kenexa_lms:5.0:*:*:*:*:*:*:*
ibmkenexa_lms5.1cpe:2.3:a:ibm:kenexa_lms:5.1:*:*:*:*:*:*:*
ibmkenexa_lms5.2cpe:2.3:a:ibm:kenexa_lms:5.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	kenexa_lms	4.1	cpe:2.3:a:ibm:kenexa_lms:4.1:::::::*
ibm	kenexa_lms	4.2	cpe:2.3:a:ibm:kenexa_lms:4.2:::::::*
ibm	kenexa_lms	4.2.2	cpe:2.3:a:ibm:kenexa_lms:4.2.2:::::::*
ibm	kenexa_lms	4.2.3	cpe:2.3:a:ibm:kenexa_lms:4.2.3:::::::*
ibm	kenexa_lms	4.2.4	cpe:2.3:a:ibm:kenexa_lms:4.2.4:::::::*
ibm	kenexa_lms	5.0	cpe:2.3:a:ibm:kenexa_lms:5.0:::::::*
ibm	kenexa_lms	5.1	cpe:2.3:a:ibm:kenexa_lms:5.1:::::::*
ibm	kenexa_lms	5.2	cpe:2.3:a:ibm:kenexa_lms:5.2:::::::*

CNA Affected

[
  {
    "product": "Kenexa LMS on Cloud",
    "vendor": "IBM Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "13.0"
      },
      {
        "status": "affected",
        "version": "13.1"
      },
      {
        "status": "affected",
        "version": "13.2"
      },
      {
        "status": "affected",
        "version": "13.2.2"
      },
      {
        "status": "affected",
        "version": "13.2.3"
      },
      {
        "status": "affected",
        "version": "13.2.4"
      },
      {
        "status": "affected",
        "version": "14.0.0"
      },
      {
        "status": "affected",
        "version": "14.1.0"
      },
      {
        "status": "affected",
        "version": "14.2.0"
      }
    ]
  }
]

References

www.ibm.com/support/docview.wss?uid=swg21992072

www.securityfocus.com/bid/95437

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

39.6%

JSON

Related for CVE-2016-8929