CNVD-2017-00568

Vulnerability from cnvd - Published: 2017-01-18
VLAI
Title
IBM Kenexa LMS on Cloud任意代码执行漏洞
Description
IBM Kenexa LMS on Cloud是美国IBM公司的一套可配置的集成了社交网络、协作和知识分享功能的企业级社交学习管理系统 (LMS)。该系统提供互动功能并支持用户对学习内容进行评价并分享自己的经验等。 IBM Kenexa LMS on Cloud中存在安全漏洞。远程攻击者可利用该漏洞向受影响Web服务器上传任意文件,在受影响的服务器上执行任意代码。
Severity
Patch Name
IBM Kenexa LMS on Cloud任意代码执行漏洞的补丁
Patch Description
IBM Kenexa LMS on Cloud是美国IBM公司的一套可配置的集成了社交网络、协作和知识分享功能的企业级社交学习管理系统 (LMS)。该系统提供互动功能并支持用户对学习内容进行评价并分享自己的经验等。 IBM Kenexa LMS on Cloud中存在安全漏洞。远程攻击者可利用该漏洞向受影响Web服务器上传任意文件,在受影响的服务器上执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: http://www-01.ibm.com/support/docview.wss?uid=swg21992072

Reference
http://www.securityfocus.com/bid/95443
Impacted products
Name
['IBM Kenexa LMS on Cloud 4.1', 'IBM Kenexa LMS on Cloud 4.2', 'IBM Kenexa LMS on Cloud 4.2.2', 'IBM Kenexa LMS on Cloud 4.2.3', 'IBM Kenexa LMS on Cloud 4.2.4', 'IBM Kenexa LMS on Cloud 5.0', 'IBM Kenexa LMS on Cloud 5.1', 'IBM Kenexa LMS on Cloud 5.2']
Show details on source website

{
  "bids": {
    "bid": {
      "bidNumber": "95443"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8932"
    }
  },
  "description": "IBM Kenexa LMS on Cloud\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u53ef\u914d\u7f6e\u7684\u96c6\u6210\u4e86\u793e\u4ea4\u7f51\u7edc\u3001\u534f\u4f5c\u548c\u77e5\u8bc6\u5206\u4eab\u529f\u80fd\u7684\u4f01\u4e1a\u7ea7\u793e\u4ea4\u5b66\u4e60\u7ba1\u7406\u7cfb\u7edf (LMS)\u3002\u8be5\u7cfb\u7edf\u63d0\u4f9b\u4e92\u52a8\u529f\u80fd\u5e76\u652f\u6301\u7528\u6237\u5bf9\u5b66\u4e60\u5185\u5bb9\u8fdb\u884c\u8bc4\u4ef7\u5e76\u5206\u4eab\u81ea\u5df1\u7684\u7ecf\u9a8c\u7b49\u3002\r\n\r\nIBM Kenexa LMS on Cloud\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5411\u53d7\u5f71\u54cdWeb\u670d\u52a1\u5668\u4e0a\u4f20\u4efb\u610f\u6587\u4ef6\uff0c\u5728\u53d7\u5f71\u54cd\u7684\u670d\u52a1\u5668\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "IBM",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www-01.ibm.com/support/docview.wss?uid=swg21992072",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-00568",
  "openTime": "2017-01-18",
  "patchDescription": "IBM Kenexa LMS on Cloud\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u53ef\u914d\u7f6e\u7684\u96c6\u6210\u4e86\u793e\u4ea4\u7f51\u7edc\u3001\u534f\u4f5c\u548c\u77e5\u8bc6\u5206\u4eab\u529f\u80fd\u7684\u4f01\u4e1a\u7ea7\u793e\u4ea4\u5b66\u4e60\u7ba1\u7406\u7cfb\u7edf (LMS)\u3002\u8be5\u7cfb\u7edf\u63d0\u4f9b\u4e92\u52a8\u529f\u80fd\u5e76\u652f\u6301\u7528\u6237\u5bf9\u5b66\u4e60\u5185\u5bb9\u8fdb\u884c\u8bc4\u4ef7\u5e76\u5206\u4eab\u81ea\u5df1\u7684\u7ecf\u9a8c\u7b49\u3002\r\n\r\nIBM Kenexa LMS on Cloud\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5411\u53d7\u5f71\u54cdWeb\u670d\u52a1\u5668\u4e0a\u4f20\u4efb\u610f\u6587\u4ef6\uff0c\u5728\u53d7\u5f71\u54cd\u7684\u670d\u52a1\u5668\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Kenexa LMS on Cloud\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM Kenexa LMS on Cloud 4.1",
      "IBM Kenexa LMS on Cloud 4.2",
      "IBM Kenexa LMS on Cloud 4.2.2",
      "IBM Kenexa LMS on Cloud 4.2.3",
      "IBM Kenexa LMS on Cloud 4.2.4",
      "IBM Kenexa LMS on Cloud 5.0",
      "IBM Kenexa LMS on Cloud 5.1",
      "IBM Kenexa LMS on Cloud 5.2"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/95443",
  "serverity": "\u9ad8",
  "submitTime": "2017-01-18",
  "title": "IBM Kenexa LMS on Cloud\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…