PatchSiren cyber security CVE debrief
CVE-2016-5941 IBM CVE debrief
IBM Kenexa LMS is affected by a directory traversal weakness that can allow a remote attacker to request specially crafted URLs containing dot-dot sequences (/../) and read arbitrary files on the system. NVD classifies the issue as CWE-22 and lists affected IBM Kenexa LMS versions from 4.1 through 5.2. The vulnerability is rated Medium (CVSS 5.7) and is focused on confidentiality impact.
- Vendor: IBM
- Product: IBM Kenexa LMS (CVE-2016-5941)
- CVSS: MEDIUM 5.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-01
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-01
- Advisory updated: 2026-05-13
Who should care
Administrators and security teams responsible for IBM Kenexa LMS or IBM Kenexa LMS on Cloud, especially environments running versions 4.1 through 5.2 listed by NVD.
Technical summary
The issue is a path traversal flaw (CWE-22). According to the CVE description, a remote attacker can send a specially crafted URL request containing ../ sequences to reach files outside the intended web path. NVD's CVSS vector (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N) indicates network-based exploitation with low attack complexity, low privileges (PR:L) and user interaction (UI:R) required, and high confidentiality impact, with no integrity or availability impact recorded in the scoring.
Defensive priority
Medium priority. This is not listed as a Known Exploited Vulnerability in the provided corpus, but it can expose sensitive files. Prioritize remediation sooner if the product is internet-facing or stores sensitive data.
Recommended defensive actions
- Verify whether any IBM Kenexa LMS instances are running affected versions 4.1, 4.2, 4.2.2, 4.2.3, 4.2.4, 5.0, 5.1, or 5.2.
- Apply the IBM fix or mitigation referenced in the vendor advisory linked from NVD.
- Restrict network access to the application where possible, especially from untrusted networks.
- Review web and application logs for suspicious requests containing ../ or similar traversal patterns.
- If exposure is suspected, assess whether sensitive files could have been accessed and rotate credentials or secrets stored on the system as appropriate.
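As an added example (not from this debrief or from IBM), the following Python scans Apache-style access-log lines for the traversal patterns mentioned above. The log lines are constructed for illustration; the scanner percent-decodes repeatedly so single- and double-encoded variants are caught, while a legitimate path that merely contains ".." inside a segment is not flagged.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not real Kenexa LMS traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Feb/2017:10:00:01 +0000] "GET /lms/course/view?id=42 HTTP/1.1" 200 5120
10.0.0.9 - - [01/Feb/2017:10:00:02 +0000] "GET /lms/download?file=../../../../etc/passwd HTTP/1.1" 200 1843
10.0.0.9 - - [01/Feb/2017:10:00:03 +0000] "GET /lms/download?file=..%2F..%2Fweb.xml HTTP/1.1" 200 900
10.0.0.9 - - [01/Feb/2017:10:00:04 +0000] "GET /lms/download?file=%252e%252e/%252e%252e/config.properties HTTP/1.1" 404 300
10.0.0.7 - - [01/Feb/2017:10:00:05 +0000] "GET /lms/reports/2016..2017/summary.pdf HTTP/1.1" 200 77000
"""

# Combined-log-format request line: client IP, timestamp, method, target, status.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A ".." that forms a whole path segment (or a whole query value), not "2016..2017".
TRAVERSAL_RE = re.compile(r'(?:^|(?<=[/\\=&?]))\.\.(?=[/\\&]|$)')


def normalize_target(target, max_rounds=3):
    """Percent-decode until stable (catches double encoding) and fold backslashes."""
    decoded = target
    for _ in range(max_rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def find_traversal_requests(log_text):
    """Return one record per request whose normalized target contains a traversal segment."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not request records
        normalized = normalize_target(m.group("target"))
        if TRAVERSAL_RE.search(normalized):
            hits.append({"ip": m.group("ip"), "status": int(m.group("status")),
                         "target": m.group("target"), "normalized": normalized})
    return hits


if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        print(hit["ip"], hit["status"], hit["normalized"])
```

A 404 still counts as an attempt worth recording; a 200 on a traversal request is the case that warrants the exposure assessment described above.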
Evidence notes
The CVE description states that IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories using specially crafted URL requests containing dot-dot sequences (/../). NVD lists the weakness as CWE-22 and provides affected CPEs for IBM Kenexa LMS versions 4.1 through 5.2. The NVD record also links to an IBM PSIRT advisory and a SecurityFocus entry as references.
Official resources
- CVE-2016-5941 CVE record (CVE.org)
- CVE-2016-5941 NVD detail (NVD)
- Source item: nvd_modified
- Mitigation or vendor reference (Patch, Vendor Advisory): the IBM PSIRT advisory linked from the NVD record
- Mitigation or vendor reference (Third Party Advisory, VDB Entry): the SecurityFocus entry linked from the NVD record
CVE-2016-5941 was published on 2017-02-01 and last modified in the supplied record on 2026-05-13. This debrief is based on the official CVE/NVD record and the IBM advisory reference cited there.