IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/…/) to view arbitrary files on the system.
CPE | Name | Operator | Version |
---|---|---|---|
kenexa_lms | eq | 5.0 | |
kenexa_lms | eq | 4.2.3 | |
kenexa_lms | eq | 4.2.2 | |
kenexa_lms | eq | 4.1 | |
kenexa_lms | eq | 5.2 | |
kenexa_lms | eq | 5.1 | |
kenexa_lms | eq | 4.2.4 | |
kenexa_lms | eq | 4.2 |