CVE-2016-8933: IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing…

medium6.5CVSS 3.0

AVNACLPRLUINSUCHINAN

IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.

Affected

19 ranges

Vendor	Product	Version range	Fixed in
ibm	kenexa_lms	—	—
ibm	kenexa_lms	—	—
ibm	kenexa_lms	—	—
ibm	kenexa_lms	—	—
ibm	kenexa_lms	—	—
ibm	kenexa_lms	—	—
ibm	kenexa_lms	—	—
ibm	kenexa_lms	—	—
ibm_corporation	kenexa_lms_on_cloud	—	—
ibm_corporation	kenexa_lms_on_cloud	—	—
ibm_corporation	kenexa_lms_on_cloud	—	—
ibm_corporation	kenexa_lms_on_cloud	—	—
ibm_corporation	kenexa_lms_on_cloud	—	—
ibm_corporation	kenexa_lms_on_cloud	—	—
ibm_corporation	kenexa_lms_on_cloud	—	—
ibm_corporation	kenexa_lms_on_cloud	—	—
ibm_corporation	kenexa_lms_on_cloud	—	—
libarchive	libarchive	>= 0 < 3.1.2-7ubuntu2.3	3.1.2-7ubuntu2.3
libarchive	libarchive	>= 0 < 3.1.2-11ubuntu0.16.04.2	3.1.2-11ubuntu0.16.04.2

CVSS provenance

nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

osv6.5MEDIUM