CNVD-2017-00567

Vulnerability from cnvd - Published: 2017-01-18
VLAI
Title
IBM Kenexa LMS on Cloud目录遍历漏洞(CNVD-2017-00567)
Description
IBM Kenexa LMS on Cloud是美国IBM公司的一套可配置的集成了社交网络、协作和知识分享功能的企业级社交学习管理系统 (LMS)。该系统提供互动功能并支持用户对学习内容进行评价并分享自己的经验等。 IBM Kenexa LMS on Cloud中存在目录遍历漏洞。远程攻击者可通过发送特制的URL请求利用该漏洞浏览系统上的任意文件。
Severity
Patch Name
IBM Kenexa LMS on Cloud目录遍历漏洞(CNVD-2017-00567)的补丁
Patch Description
IBM Kenexa LMS on Cloud是美国IBM公司的一套可配置的集成了社交网络、协作和知识分享功能的企业级社交学习管理系统 (LMS)。该系统提供互动功能并支持用户对学习内容进行评价并分享自己的经验等。 IBM Kenexa LMS on Cloud中存在目录遍历漏洞。远程攻击者可通过发送特制的URL请求利用该漏洞浏览系统上的任意文件。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: http://www-01.ibm.com/support/docview.wss?uid=swg21992072

Reference
http://www.securityfocus.com/bid/95435
Impacted products
Name
['IBM Kenexa LMS on Cloud 4.1', 'IBM Kenexa LMS on Cloud 4.2', 'IBM Kenexa LMS on Cloud 4.2.2', 'IBM Kenexa LMS on Cloud 4.2.3', 'IBM Kenexa LMS on Cloud 4.2.4', 'IBM Kenexa LMS on Cloud 5.0', 'IBM Kenexa LMS on Cloud 5.1', 'IBM Kenexa LMS on Cloud 5.2']
Show details on source website

{
  "bids": {
    "bid": {
      "bidNumber": "95435"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8933"
    }
  },
  "description": "IBM Kenexa LMS on Cloud\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u53ef\u914d\u7f6e\u7684\u96c6\u6210\u4e86\u793e\u4ea4\u7f51\u7edc\u3001\u534f\u4f5c\u548c\u77e5\u8bc6\u5206\u4eab\u529f\u80fd\u7684\u4f01\u4e1a\u7ea7\u793e\u4ea4\u5b66\u4e60\u7ba1\u7406\u7cfb\u7edf (LMS)\u3002\u8be5\u7cfb\u7edf\u63d0\u4f9b\u4e92\u52a8\u529f\u80fd\u5e76\u652f\u6301\u7528\u6237\u5bf9\u5b66\u4e60\u5185\u5bb9\u8fdb\u884c\u8bc4\u4ef7\u5e76\u5206\u4eab\u81ea\u5df1\u7684\u7ecf\u9a8c\u7b49\u3002\r\n\r\nIBM Kenexa LMS on Cloud\u4e2d\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684URL\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u6d4f\u89c8\u7cfb\u7edf\u4e0a\u7684\u4efb\u610f\u6587\u4ef6\u3002",
  "discovererName": "IBM",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg21992072",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-00567",
  "openTime": "2017-01-18",
  "patchDescription": "IBM Kenexa LMS on Cloud\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u53ef\u914d\u7f6e\u7684\u96c6\u6210\u4e86\u793e\u4ea4\u7f51\u7edc\u3001\u534f\u4f5c\u548c\u77e5\u8bc6\u5206\u4eab\u529f\u80fd\u7684\u4f01\u4e1a\u7ea7\u793e\u4ea4\u5b66\u4e60\u7ba1\u7406\u7cfb\u7edf (LMS)\u3002\u8be5\u7cfb\u7edf\u63d0\u4f9b\u4e92\u52a8\u529f\u80fd\u5e76\u652f\u6301\u7528\u6237\u5bf9\u5b66\u4e60\u5185\u5bb9\u8fdb\u884c\u8bc4\u4ef7\u5e76\u5206\u4eab\u81ea\u5df1\u7684\u7ecf\u9a8c\u7b49\u3002\r\n\r\nIBM Kenexa LMS on Cloud\u4e2d\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684URL\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u6d4f\u89c8\u7cfb\u7edf\u4e0a\u7684\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Kenexa LMS on Cloud\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\uff08CNVD-2017-00567\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM Kenexa LMS on Cloud 4.1",
      "IBM Kenexa LMS on Cloud 4.2",
      "IBM Kenexa LMS on Cloud 4.2.2",
      "IBM Kenexa LMS on Cloud 4.2.3",
      "IBM Kenexa LMS on Cloud 4.2.4",
      "IBM Kenexa LMS on Cloud 5.0",
      "IBM Kenexa LMS on Cloud 5.1",
      "IBM Kenexa LMS on Cloud 5.2"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/95435",
  "serverity": "\u9ad8",
  "submitTime": "2017-01-18",
  "title": "IBM Kenexa LMS on Cloud\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\uff08CNVD-2017-00567\uff09"
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…