Skip to main content

Kenexa Lcms Premier

11 CVEs product

Monthly

CVE-2017-1143 MEDIUM This Month

IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Kenexa Lcms Premier
NVD
CVSS 3.0
5.3
EPSS
0.1%
CVE-2017-1142 MEDIUM This Month

IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Kenexa Lcms Premier
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-9994 HIGH PATCH This Week

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lcms Premier
NVD
CVSS 3.0
7.1
EPSS
0.2%
CVE-2016-9993 HIGH PATCH This Week

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lcms Premier
NVD
CVSS 3.0
7.1
EPSS
0.2%
CVE-2016-9992 HIGH PATCH This Week

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lcms Premier
NVD
CVSS 3.0
7.1
EPSS
0.2%
CVE-2016-5952 HIGH PATCH This Week

IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lcms Premier
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2016-5951 MEDIUM PATCH This Month

IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Kenexa Lcms Premier
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5950 MEDIUM PATCH This Month

IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Kenexa Lcms Premier
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2016-5949 MEDIUM PATCH This Month

IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Kenexa Lcms Premier
NVD
CVSS 3.0
4.3
EPSS
0.5%
CVE-2016-5948 MEDIUM PATCH This Month

IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Kenexa Lcms Premier
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-5937 HIGH PATCH This Week

IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Kenexa Lcms Premier
NVD
CVSS 3.0
8.8
EPSS
0.2%
EPSS 0% CVSS 5.3
MEDIUM This Month

IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Kenexa Lcms Premier
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Kenexa Lcms Premier
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lcms Premier
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lcms Premier
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lcms Premier
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Kenexa Lcms Premier
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Kenexa Lcms Premier
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Kenexa Lcms Premier
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Kenexa Lcms Premier
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Kenexa Lcms Premier
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Kenexa Lcms Premier
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy