CVE-2016-8929: IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view…

medium5.4CVSS 3.0

AVNACLPRLUINSUCNILAL

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

Affected

20 ranges

Vendor	Product	Version range	Fixed in
ibm	kenexa_lms	—	—
ibm	kenexa_lms	—	—
ibm	kenexa_lms	—	—
ibm	kenexa_lms	—	—
ibm	kenexa_lms	—	—
ibm	kenexa_lms	—	—
ibm	kenexa_lms	—	—
ibm	kenexa_lms	—	—
ibm_corporation	kenexa_lms_on_cloud	—	—
ibm_corporation	kenexa_lms_on_cloud	—	—
ibm_corporation	kenexa_lms_on_cloud	—	—
ibm_corporation	kenexa_lms_on_cloud	—	—
ibm_corporation	kenexa_lms_on_cloud	—	—
ibm_corporation	kenexa_lms_on_cloud	—	—
ibm_corporation	kenexa_lms_on_cloud	—	—
ibm_corporation	kenexa_lms_on_cloud	—	—
ibm_corporation	kenexa_lms_on_cloud	—	—
virustotal	yara	>= 0 < 3.4.0+dfsg-2ubuntu0.1~esm1	3.4.0+dfsg-2ubuntu0.1~esm1
virustotal	yara	>= 0 < 3.7.1-1ubuntu2+esm1	3.7.1-1ubuntu2+esm1
virustotal	yara	>= 0 < 3.9.0-1ubuntu0.1~esm1	3.9.0-1ubuntu0.1~esm1

CVSS provenance

nvdv3.05.4MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

osv7.5HIGH