CVE-2016-5941: IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing…

medium5.7CVSS 3.0

AVNACLPRLUIRSUCHINAN

IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.

Affected

17 ranges

Vendor	Product	Version range	Fixed in
ibm	kenexa_lms	—	—
ibm	kenexa_lms	—	—
ibm	kenexa_lms	—	—
ibm	kenexa_lms	—	—
ibm	kenexa_lms	—	—
ibm	kenexa_lms	—	—
ibm	kenexa_lms	—	—
ibm	kenexa_lms	—	—
ibm_corporation	kenexa_lms_on_cloud	—	—
ibm_corporation	kenexa_lms_on_cloud	—	—
ibm_corporation	kenexa_lms_on_cloud	—	—
ibm_corporation	kenexa_lms_on_cloud	—	—
ibm_corporation	kenexa_lms_on_cloud	—	—
ibm_corporation	kenexa_lms_on_cloud	—	—
ibm_corporation	kenexa_lms_on_cloud	—	—
ibm_corporation	kenexa_lms_on_cloud	—	—
ibm_corporation	kenexa_lms_on_cloud	—	—