CVE-2016-9994

CWE-89SQL Injection3 documents3 sources
Severity
7.1HIGH
EPSS
0.2%
top 62.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Corporation Kenexa Lcms Premier ON CloudIBM Kenexa Lcms Premier
Timeline
PublishedMar 1
Latest updateMay 17

Description

IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1976805.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:NExploitability: 2.8 | Impact: 4.2

Affected Packages2 packages

NVDibm/kenexa_lcms_premier8 versions+7

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-4w3j-8hm6-fjqq: IBM Kenexa LCMS Premier on Cloud 92022-05-17
CVEList
CVE-2016-9994: IBM Kenexa LCMS Premier on Cloud 92017-03-01
CVE-2016-9994 (HIGH CVSS 7.1) | IBM Kenexa LCMS Premier on Cloud 9. | cvebase.io