CVE-2017-1143

MEDIUM

IBM Kenexa LCMS Premier on Cloud <10.0 - Info Disclosure

Title source: llm
STIX 2.1

Description

IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM Reference #: 1998874.

References (2)

Core 2
Core References
Mitigation, Vendor Advisory x_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21998874
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/97079

Scores

CVSS v3 5.3
EPSS 0.0014
EPSS Percentile 33.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (20)
ibm/kenexa_lcms_premier 9.1
ibm/kenexa_lcms_premier 9.2
ibm/kenexa_lcms_premier 9.2.1
ibm/kenexa_lcms_premier 9.3
ibm/kenexa_lcms_premier 9.4
ibm/kenexa_lcms_premier 9.5
ibm/kenexa_lcms_premier 10.0
ibm/kenexa_lcms_premier 10.2
ibm/kenexa_lcms_premier 10.3
IBM Corporation/Kenexa LCMS Premier on Cloud 10.0.0
... and 10 more
Published Mar 27, 2017
Tracked Since Feb 18, 2026