CVE-2016-8911

Published: Feb 1, 2017Modified: May 13, 2026

5.4

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.

Affected (5)

Products: Ibm: Kenexa Lms On Cloud

Ibm

1 product

Kenexa Lms On Cloud

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Ibm Kenexa Lms On Cloud	Version 13.1
Ibm Kenexa Lms On Cloud	Version 13.2.2
Ibm Kenexa Lms On Cloud	Version 13.2.3
Ibm Kenexa Lms On Cloud	Version 13.2.4
Ibm Kenexa Lms On Cloud	Version 13.2

Related CWEs

CWE-254

References (4)

http://www.ibm.com/support/docview.wss?uid=swg21993982

Source: psirt@us.ibm.com

Vendor Advisory

http://www.securityfocus.com/bid/94325

Source: psirt@us.ibm.com

Technical DescriptionVDB Entry

http://www.ibm.com/support/docview.wss?uid=swg21993982

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/94325

Source: af854a3a-2127-422b-91ae-364da2661108

Technical DescriptionVDB Entry

Timeline

No history available yet.