CVE-2016-5941

MEDIUM

IBM Kenexa LMS - Path Traversal

Title source: llm

Description

IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.

References (2)

[Patch, Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=swg21992072

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/95438

Scores

CVSS v3 5.7

EPSS 0.0047

EPSS Percentile 64.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Classification

CWE

CWE-22

Status published

Affected Products (17)

ibm/kenexa_lms

IBM Corporation/Kenexa LMS on Cloud < 13.0

IBM Corporation/Kenexa LMS on Cloud < 13.1

IBM Corporation/Kenexa LMS on Cloud < 13.2

IBM Corporation/Kenexa LMS on Cloud < 13.2.2

IBM Corporation/Kenexa LMS on Cloud < 13.2.3

IBM Corporation/Kenexa LMS on Cloud < 13.2.4

IBM Corporation/Kenexa LMS on Cloud < 14.0.0

... and 2 more

Timeline

Published Feb 01, 2017

Tracked Since Feb 18, 2026