CVE-2016-5939

Description

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

Affected products

• IBM Corporation / Kenexa LMS on Cloud13.0 – 13.0
• IBM Corporation / Kenexa LMS on Cloud13.1 – 13.1
• IBM Corporation / Kenexa LMS on Cloud13.2 – 13.2
• IBM Corporation / Kenexa LMS on Cloud13.2.2 – 13.2.2
• IBM Corporation / Kenexa LMS on Cloud13.2.3 – 13.2.3
• IBM Corporation / Kenexa LMS on Cloud13.2.4 – 13.2.4
• IBM Corporation / Kenexa LMS on Cloud14.0.0 – 14.0.0
• IBM Corporation / Kenexa LMS on Cloud14.1.0 – 14.1.0
• IBM Corporation / Kenexa LMS on Cloud14.2.0 – 14.2.0

References

• MISChttp://www.ibm.com/support/docview.wss?uid=swg21992129
• MISChttp://www.securityfocus.com/bid/93523