CNVD-2017-00561
Vulnerability from cnvd - Published: 2017-01-18
VLAI
Title
IBM Kenexa LMS on Cloud跨站脚本漏洞(CNVD-2017-00561)
Description
IBM Kenexa LMS on Cloud是美国IBM公司的一套可配置的集成了社交网络、协作和知识分享功能的企业级社交学习管理系统 (LMS)。该系统提供互动功能并支持用户对学习内容进行评价并分享自己的经验等。
IBM Kenexa LMS on Cloud中存在跨站脚本漏洞。攻击者可利用该漏洞在Web UI中注入任意JavaScript代码,泄露信任会话中的证书。
Severity
中
Patch Name
IBM Kenexa LMS on Cloud跨站脚本漏洞(CNVD-2017-00561)的补丁
Patch Description
IBM Kenexa LMS on Cloud是美国IBM公司的一套可配置的集成了社交网络、协作和知识分享功能的企业级社交学习管理系统 (LMS)。该系统提供互动功能并支持用户对学习内容进行评价并分享自己的经验等。
IBM Kenexa LMS on Cloud中存在跨站脚本漏洞。攻击者可利用该漏洞在Web UI中注入任意JavaScript代码,泄露信任会话中的证书。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: http://www-01.ibm.com/support/docview.wss?uid=swg21992072
Reference
http://www.securityfocus.com/bid/95440
Impacted products
| Name | ['IBM Kenexa LMS on Cloud 4.1', 'IBM Kenexa LMS on Cloud 4.2', 'IBM Kenexa LMS on Cloud 4.2.2', 'IBM Kenexa LMS on Cloud 4.2.3', 'IBM Kenexa LMS on Cloud 4.2.4', 'IBM Kenexa LMS on Cloud 5.0', 'IBM Kenexa LMS on Cloud 5.1', 'IBM Kenexa LMS on Cloud 5.2'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "95440"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2016-5942"
}
},
"description": "IBM Kenexa LMS on Cloud\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u53ef\u914d\u7f6e\u7684\u96c6\u6210\u4e86\u793e\u4ea4\u7f51\u7edc\u3001\u534f\u4f5c\u548c\u77e5\u8bc6\u5206\u4eab\u529f\u80fd\u7684\u4f01\u4e1a\u7ea7\u793e\u4ea4\u5b66\u4e60\u7ba1\u7406\u7cfb\u7edf (LMS)\u3002\u8be5\u7cfb\u7edf\u63d0\u4f9b\u4e92\u52a8\u529f\u80fd\u5e76\u652f\u6301\u7528\u6237\u5bf9\u5b66\u4e60\u5185\u5bb9\u8fdb\u884c\u8bc4\u4ef7\u5e76\u5206\u4eab\u81ea\u5df1\u7684\u7ecf\u9a8c\u7b49\u3002\r\n\r\nIBM Kenexa LMS on Cloud\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728Web UI\u4e2d\u6ce8\u5165\u4efb\u610fJavaScript\u4ee3\u7801\uff0c\u6cc4\u9732\u4fe1\u4efb\u4f1a\u8bdd\u4e2d\u7684\u8bc1\u4e66\u3002",
"discovererName": "IBM",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg21992072",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-00561",
"openTime": "2017-01-18",
"patchDescription": "IBM Kenexa LMS on Cloud\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u53ef\u914d\u7f6e\u7684\u96c6\u6210\u4e86\u793e\u4ea4\u7f51\u7edc\u3001\u534f\u4f5c\u548c\u77e5\u8bc6\u5206\u4eab\u529f\u80fd\u7684\u4f01\u4e1a\u7ea7\u793e\u4ea4\u5b66\u4e60\u7ba1\u7406\u7cfb\u7edf (LMS)\u3002\u8be5\u7cfb\u7edf\u63d0\u4f9b\u4e92\u52a8\u529f\u80fd\u5e76\u652f\u6301\u7528\u6237\u5bf9\u5b66\u4e60\u5185\u5bb9\u8fdb\u884c\u8bc4\u4ef7\u5e76\u5206\u4eab\u81ea\u5df1\u7684\u7ecf\u9a8c\u7b49\u3002\r\n\r\nIBM Kenexa LMS on Cloud\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728Web UI\u4e2d\u6ce8\u5165\u4efb\u610fJavaScript\u4ee3\u7801\uff0c\u6cc4\u9732\u4fe1\u4efb\u4f1a\u8bdd\u4e2d\u7684\u8bc1\u4e66\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "IBM Kenexa LMS on Cloud\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2017-00561\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"IBM Kenexa LMS on Cloud 4.1",
"IBM Kenexa LMS on Cloud 4.2",
"IBM Kenexa LMS on Cloud 4.2.2",
"IBM Kenexa LMS on Cloud 4.2.3",
"IBM Kenexa LMS on Cloud 4.2.4",
"IBM Kenexa LMS on Cloud 5.0",
"IBM Kenexa LMS on Cloud 5.1",
"IBM Kenexa LMS on Cloud 5.2"
]
},
"referenceLink": "http://www.securityfocus.com/bid/95440",
"serverity": "\u4e2d",
"submitTime": "2017-01-18",
"title": "IBM Kenexa LMS on Cloud\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2017-00561\uff09"
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…