CVE-2017-1142

CWE-200 — Information Exposure4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 59.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Corporation Kenexa Lcms Premier ON Cloud IBM Kenexa Lcms Premier

Timeline

PublishedMar 27

Latest updateMay 17

Description

IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM Reference #: 1998874.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5ibm_corporation/kenexa_lcms_premier_on_cloud11 versions+10

▶NVDibm/kenexa_lcms_premier9 versions+8

🔴Vulnerability Details

GHSA

GHSA-g48m-88x6-h6mq: IBM Kenexa LCMS Premier on Cloud 9↗2022-05-17

▶

CVEList

CVE-2017-1142: IBM Kenexa LCMS Premier on Cloud 9↗2017-03-27

▶

💥Exploits & PoCs

Exploit-DB

VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Local Privilege Escalation↗2017-05-22

▶