CVE-2016-6124

Published on: 02/01/2017 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:11 PM UTC

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Kenexa Lms On Cloud from Ibm contain the following vulnerability:

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.

  • CVE-2016-6124 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 8.8 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW LOW NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 6.5 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK LOW SINGLE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL PARTIAL PARTIAL

CVE References

Description Tags Link
IBM Security Bulletin: Multiple security vulnerabilities have been addressed in LMS 5.0 on Cloud - United States Vendor Advisory
www.ibm.com
text/html
URL Logo CONFIRM www.ibm.com/support/docview.wss?uid=swg21993982
IBM Kenexa LMS on Cloud CVE-2016-6124 Arbitrary File Upload Vulnerability Third Party Advisory
VDB Entry
cve.report (archive)
text/html
URL Logo BID 94306

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationIbmKenexa Lms On Cloud13.1AllAllAll
ApplicationIbmKenexa Lms On Cloud13.2AllAllAll
ApplicationIbmKenexa Lms On Cloud13.2.2AllAllAll
ApplicationIbmKenexa Lms On Cloud13.2.3AllAllAll
ApplicationIbmKenexa Lms On Cloud13.2.4AllAllAll
ApplicationIbmKenexa Lms On Cloud13.1AllAllAll
ApplicationIbmKenexa Lms On Cloud13.2AllAllAll
ApplicationIbmKenexa Lms On Cloud13.2.2AllAllAll
ApplicationIbmKenexa Lms On Cloud13.2.3AllAllAll
ApplicationIbmKenexa Lms On Cloud13.2.4AllAllAll
  • cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.4:*:*:*:*:*:*:*: