CVE-2016-8913

Published: Feb 1, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

Affected (5)

Products: Ibm: Kenexa Lms On Cloud

1 product

Kenexa Lms On Cloud

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Ibm Kenexa Lms On Cloud	Version 13.1
Ibm Kenexa Lms On Cloud	Version 13.2.2
Ibm Kenexa Lms On Cloud	Version 13.2.3
Ibm Kenexa Lms On Cloud	Version 13.2.4
Ibm Kenexa Lms On Cloud	Version 13.2

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (4)

http://www.ibm.com/support/docview.wss?uid=swg21993982

Source: psirt@us.ibm.com

Vendor Advisory

http://www.securityfocus.com/bid/94304

Source: psirt@us.ibm.com

Third Party AdvisoryVDB Entry

http://www.ibm.com/support/docview.wss?uid=swg21993982

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/94304

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.