First published: Wed Feb 01 2017(Updated: )
IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Kenexa LCMS Premier | =9.1 | |
IBM Kenexa LCMS Premier | =9.2 | |
IBM Kenexa LCMS Premier | =9.3 | |
IBM Kenexa LCMS Premier | =9.4 | |
IBM Kenexa LCMS Premier | =9.5 | |
IBM Kenexa LCMS Premier | =10.0 | |
IBM Kenexa LCMS Premier | =10.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-5949 has been classified as a medium severity vulnerability due to the potential risk of exposing sensitive user data.
To fix CVE-2016-5949, ensure that you update IBM Kenexa LCMS Premier to the latest available version that addresses this vulnerability.
CVE-2016-5949 could allow an authenticated user to access sensitive user information through a crafted HTTP request.
CVE-2016-5949 affects IBM Kenexa LCMS Premier versions 9.1 through 10.1.
Yes, CVE-2016-5949 can be exploited remotely by an authenticated user with the ability to craft special HTTP requests.