CVE-2016-8931

CWE-284 — Improper Access Control5 documents5 sources

Severity

8.8HIGH

EPSS

2.1%

top 15.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Corporation Kenexa LMS ON Cloud IBM Kenexa LMS

Timeline

PublishedFeb 1

Latest updateMay 17

Description

IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5ibm_corporation/kenexa_lms_on_cloud9 versions+8

▶NVDibm/kenexa_lms8 versions+7

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-3v6r-vhg4-9m9j: IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulne↗2022-05-17

▶

CVEList

CVE-2016-8931: IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulne↗2017-02-01

▶

OSV

libarchive vulnerabilities↗2016-07-14

▶

💬Community

Bugzilla

CVE-2015-8931 libarchive: Undefined behavior (signed integer overflow) in mtree parser↗2016-06-22

▶