CVE-2017-1143Sensitive Information Exposure in Corporation Kenexa Lcms Premier ON Cloud

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.1%
top 66.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Corporation Kenexa Lcms Premier ON CloudIBM Kenexa Lcms Premier
Timeline
PublishedMar 27
Latest updateMay 17

Description

IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM Reference #: 1998874.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

NVDibm/kenexa_lcms_premier9 versions+8

🔴Vulnerability Details

2
GHSA
GHSA-v652-34jm-qx9r: IBM Kenexa LCMS Premier on Cloud 92022-05-17
CVEList
CVE-2017-1143: IBM Kenexa LCMS Premier on Cloud 92017-03-27
CVE-2017-1143 — Sensitive Information Exposure | cvebase