CNVD-2017-05081

Vulnerability from cnvd - Published: 2017-04-24
VLAI
Title
IBM Kenexa LMS on Cloud跨站脚本漏洞
Description
IBM Kenexa LMS on Cloud是美国IBM公司开发的一套可配置的且集成了社交网络、协作和知识分享功能的企业级社交学习管理系统 (LMS)。该系统提供互动功能并支持用户对学习内容进行评价并分享自己的经验等。 IBM Kenexa LMS on Cloud存在跨站脚本漏洞。该漏洞产生的原因是未能对用户提交的数据进行有效过滤,允许攻击者在目标用户的Web UI中植入任意JavaScript代码,获取用户cookie等敏感信息。
Severity
Patch Name
IBM Kenexa LMS on Cloud跨站脚本漏洞的补丁
Patch Description
IBM Kenexa LMS on Cloud是美国IBM公司开发的一套可配置的且集成了社交网络、协作和知识分享功能的企业级社交学习管理系统 (LMS)。该系统提供互动功能并支持用户对学习内容进行评价并分享自己的经验等。 IBM Kenexa LMS on Cloud存在跨站脚本漏洞。该漏洞产生的原因是未能对用户提交的数据进行有效过滤,允许攻击者在目标用户的Web UI中植入任意JavaScript代码,获取用户cookie等敏感信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

厂商已经发布了升级版本,请广大用户关注官网及时下载更新: https://www.ibm.com/

Reference
http://www.securityfocus.com/bid/97077/info https://nvd.nist.gov/vuln/detail/CVE-2016-8935
Impacted products
Name
['IBM Kenexa LMS on Cloud 4.1', 'IBM Kenexa LMS on Cloud 4.2', 'IBM Kenexa LMS on Cloud 4.2.2', 'IBM Kenexa LMS on Cloud 4.2.3', 'IBM Kenexa LMS on Cloud 4.2.4', 'IBM Kenexa LMS on Cloud 5.0']
Show details on source website

{
  "bids": {
    "bid": {
      "bidNumber": "97077"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8935"
    }
  },
  "description": "IBM Kenexa LMS on Cloud\u662f\u7f8e\u56fdIBM\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u5957\u53ef\u914d\u7f6e\u7684\u4e14\u96c6\u6210\u4e86\u793e\u4ea4\u7f51\u7edc\u3001\u534f\u4f5c\u548c\u77e5\u8bc6\u5206\u4eab\u529f\u80fd\u7684\u4f01\u4e1a\u7ea7\u793e\u4ea4\u5b66\u4e60\u7ba1\u7406\u7cfb\u7edf (LMS)\u3002\u8be5\u7cfb\u7edf\u63d0\u4f9b\u4e92\u52a8\u529f\u80fd\u5e76\u652f\u6301\u7528\u6237\u5bf9\u5b66\u4e60\u5185\u5bb9\u8fdb\u884c\u8bc4\u4ef7\u5e76\u5206\u4eab\u81ea\u5df1\u7684\u7ecf\u9a8c\u7b49\u3002 \r\n\r\nIBM Kenexa LMS on Cloud\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u4ea7\u751f\u7684\u539f\u56e0\u662f\u672a\u80fd\u5bf9\u7528\u6237\u63d0\u4ea4\u7684\u6570\u636e\u8fdb\u884c\u6709\u6548\u8fc7\u6ee4\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5728\u76ee\u6807\u7528\u6237\u7684Web UI\u4e2d\u690d\u5165\u4efb\u610fJavaScript\u4ee3\u7801\uff0c\u83b7\u53d6\u7528\u6237cookie\u7b49\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "IBM",
  "formalWay": "\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u7248\u672c\uff0c\u8bf7\u5e7f\u5927\u7528\u6237\u5173\u6ce8\u5b98\u7f51\u53ca\u65f6\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttps://www.ibm.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-05081",
  "openTime": "2017-04-24",
  "patchDescription": "IBM Kenexa LMS on Cloud\u662f\u7f8e\u56fdIBM\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u5957\u53ef\u914d\u7f6e\u7684\u4e14\u96c6\u6210\u4e86\u793e\u4ea4\u7f51\u7edc\u3001\u534f\u4f5c\u548c\u77e5\u8bc6\u5206\u4eab\u529f\u80fd\u7684\u4f01\u4e1a\u7ea7\u793e\u4ea4\u5b66\u4e60\u7ba1\u7406\u7cfb\u7edf (LMS)\u3002\u8be5\u7cfb\u7edf\u63d0\u4f9b\u4e92\u52a8\u529f\u80fd\u5e76\u652f\u6301\u7528\u6237\u5bf9\u5b66\u4e60\u5185\u5bb9\u8fdb\u884c\u8bc4\u4ef7\u5e76\u5206\u4eab\u81ea\u5df1\u7684\u7ecf\u9a8c\u7b49\u3002 \r\n\r\nIBM Kenexa LMS on Cloud\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u4ea7\u751f\u7684\u539f\u56e0\u662f\u672a\u80fd\u5bf9\u7528\u6237\u63d0\u4ea4\u7684\u6570\u636e\u8fdb\u884c\u6709\u6548\u8fc7\u6ee4\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5728\u76ee\u6807\u7528\u6237\u7684Web UI\u4e2d\u690d\u5165\u4efb\u610fJavaScript\u4ee3\u7801\uff0c\u83b7\u53d6\u7528\u6237cookie\u7b49\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Kenexa LMS on Cloud\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM Kenexa LMS on Cloud 4.1",
      "IBM Kenexa LMS on Cloud 4.2",
      "IBM Kenexa LMS on Cloud 4.2.2",
      "IBM Kenexa LMS on Cloud 4.2.3",
      "IBM Kenexa LMS on Cloud 4.2.4",
      "IBM Kenexa LMS on Cloud 5.0"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/97077/info\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8935",
  "serverity": "\u4f4e",
  "submitTime": "2017-03-27",
  "title": "IBM Kenexa LMS on Cloud\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…