Security Bulletin: IBM Kenexa LCMS Premier On Premise - CVE-2021-2341 (deferred from Oracle Jul 2021 CPU for Java 7.x)

Summary We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been addressed in LCMS Premier 14.0 version. Vulnerability Details CVEID: CVE-2021-2341 DESCRIPTION: An unspecified vulnerability in Java SE related to the Networking...

Security Bulletin: IBM Kenexa LCMS Premier On Premise - CVE-2020-14781 (deferred from Oracle Oct 2020 CPU for Java 8)

Summary We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been addressed in LCMS Premier 14.0 version. Vulnerability Details CVEID: CVE-2020-14781 DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI component...

Security Bulletin: IBM Kenexa LCMS Premier On Premise - CVE-2020-14782 (deferred from Oracle Oct 2020 CPU for Java 8)

Summary We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been addressed in LCMS Premier 14.0 version. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries...

Security Bulletin: IBM Kenexa LCMS Premier On Premise - IBM SDK, Java Technology Edition Quarterly CPU - Oct 2020 - Includes Oracle Oct 2020 CPU

Summary We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been addressed in LCMS Premier 14.0 version. Vulnerability Details CVEID: CVE-2020-14779 DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization...

Security Bulletin: IBM Kenexa LCMS Premier On Premise - IBM SDK, Java Technology Edition Quarterly CPU - Jul 2020 - Includes Oracle Jul 2020 CPU plus one additional vulnerability

Summary We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been addressed in LCMS Premier 14.0 version. Vulnerability Details CVEID: CVE-2020-14583 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries...

Security Bulletin: IBM Kenexa LCMS Premier On Premise - [All] jQuery (Publicly disclosed vulnerability) CVEID: 180875

Summary We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been addressed in LCMS Premier 14.0 version. Vulnerability Details Third Party Entry: 180875 DESCRIPTION: jQuery cross-site scripting CVSS Base score: 6.1 CVSS Temporal Scor...

Security Bulletin: IBM Kenexa LCMS Premier On Premise - [All] jQuery (Publicly disclosed vulnerability) CVE-2020-11023, CVE-2020-11022

Summary We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been addressed in LCMS Premier 14.0 version. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper...

Security Bulletin: IBM Kenexa LCMS Premier On Premise - IBM SDK, Java Technology Edition Quarterly CPU - Apr 2020 - Includes Oracle Apr 2020 CPU

Summary We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been addressed in LCMS Premier 14.0 version. Vulnerability Details CVEID: CVE-2020-2805 DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE Libraries...

Security Bulletin: IBM Kenexa LCMS Premier On Premise - IBM SDK, Java Technology Edition Quarterly CPU - Jan 2020 - Includes Oracle Jan 2020 CPU

Summary We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been addressed in LCMS Premier version 14.0 Vulnerability Details CVEID: CVE-2019-4732 DESCRIPTION: IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0...

Security Bulletin: IBM Kenexa LCMS Premier On Premise - IBM SDK, Java Technology Edition Quarterly CPU - Jul 2019 - Includes Oracle Jul 2019 CPU

Summary We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. These have been addressed in LCMS Premier version 13.3 and above. Vulnerability Details CVEID: CVE-2019-2816 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the...

Security Bulletin: IBM Kenexa LCMS Premier on Premise| IBM SDK, Java Technology Edition Apr 2018 and Jul 2018 (CVE-2018-2783, CVE-2018-2952, CVE-2018-1517)

Summary We have identified that the IBM Kenexa LCMS Premier is affected by one or more security vulnerabilities. Fixes for these vulnerabilities are included in LCMS Premier version 12.3 and above . If you have any of the affected versions and are an On Premise customer , please consider upgradin...

Security Bulletin: IBM Kenexa LCMS Premier on Cloud is affected by a SQL Injection via External Service Interaction

Summary IBM Kenexa LCMS Premier on Cloud has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2017-1797 DESCRIPTION: IBM LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to...

Security Bulletin: IBM Kenexa LCMS Premier on Cloud is affected by Open Source Commons FileUpload Apache Vulnerabilities

Summary IBM Kenexa LCMS Premier on Cloud has addressed a vulnerability that could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to...

Security Bulletin: Multiple Security Vulnerabilties have been addressed in LCMS Premier on Cloud 11.0

Summary Multiple Security Vulnerabilties have been addressed in LCMS Premier on Cloud 11.0 Vulnerability Details CVEID: CVE-2017-1142 DESCRIPTION: IBM Kenexa LCMS Premier on Cloud could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the...

Security Bulletin: IBM Kenexa LCMS Premier on Cloud has addressed (CVE-2016-5949)

Summary IBM Kenexa LCMS Premier on Cloud 10.1 has addressed a vulnerability that could allow an authenticated user to obtain sensitive user data with specically crafted HTTP request Vulnerability Details CVEID: CVE-2016-5949 DESCRIPTION: IBM Kenexa LCMS Premier on Cloud could allow an authenticat...

Security Bulletin: Multiple Security Vulnerabilities have been addressed in LCMS Premier 10.3

Summary Multiple Security Vulnerabilties have been addressed in LCMS Premier on Cloud 10.3 Vulnerability Details CVEID: CVE-2016-5948 DESCRIPTION: IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web ...

Security Bulletin: A vulnerability in Open Source BeanShell has been addressed by IBM Kenexa LCMS Premier (CVE-2016-2510)

Summary A vulnerability in Open Source BeanShell has been addressed by LCMS Premier Vulnerability Details CVEID: CVE-2016-2510 DESCRIPTION: BeanShell could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data using Java serialization or...

Security Bulletin: Multiple Security Vulnerabilities have been addressed in LCMS Premier on Cloud 10.1

Summary Multiple Security Vulnerabilities have been addressed in LCMS Premier on Cloud 10.1 Vulnerability Details Relevant CVE Information: CVEID: CVE-2016-5952 DESCRIPTION: IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL...

Information disclosure

IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to...

CVE-2017-1143

IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IB...