CVE-2016-6122Sensitive Information Exposure in Corporation Kenexa LMS ON Cloud

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 60.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Corporation Kenexa LMS ON CloudIBM Kenexa LMS ON Cloud
Timeline
PublishedFeb 1
Latest updateMay 17

Description

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response to authenticated users.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDibm/kenexa_lms_on_cloud5 versions+4
CVEListV5ibm_corporation/kenexa_lms_on_cloud9 versions+8

🔴Vulnerability Details

2
GHSA
GHSA-gm6f-j3pf-qp73: IBM Kenexa LMS on Cloud 132022-05-17
CVEList
CVE-2016-6122: IBM Kenexa LMS on Cloud 132017-02-01
CVE-2016-6122 — Sensitive Information Exposure | cvebase