Home Unlabelled IBM Security Bulletin: IBM Kenexa LCMS Premier on Cloud is affected by Open Source Commons FileUpload Apache Vulnerabilities

IBM Security Bulletin: IBM Kenexa LCMS Premier on Cloud is affected by Open Source Commons FileUpload Apache Vulnerabilities

By
Tuesday, January 16, 2018
Read
Add Comment

IBM Kenexa LCMS Premier on Cloud has addressed a vulnerability that could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process.

CVE(s): CVE-2016-1000031

Affected product(s) and affected version(s):

9.3, 9.4, 9.5,10.0, 10.1,10.2,11.0,11.1,11.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2Da9Pnn
X-Force Database: http://ift.tt/2hLFPWm

The post IBM Security Bulletin: IBM Kenexa LCMS Premier on Cloud is affected by Open Source Commons FileUpload Apache Vulnerabilities appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2DGdHOh
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us