PatchSiren

PatchSiren cyber security CVE debrief

CVE-2016-6126 IBM CVE debrief

CVE-2016-6126 is a path traversal vulnerability in IBM Kenexa LMS on Cloud. A remote attacker could use specially crafted URL requests containing dot-dot sequences (/../) to access files outside the intended directory scope and view arbitrary files on the system. The affected versions listed by NVD are IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, and 13.2.4.

Vendor
IBM
Product
IBM Kenexa LMS on Cloud
CVSS
MEDIUM 6.5
CISA KEV
Not listed in stored evidence
Original CVE published
2017-02-01
Original CVE updated
2026-05-13
Advisory published
2017-02-01
Advisory updated
2026-05-13

Who should care

Administrators and security teams responsible for IBM Kenexa LMS on Cloud deployments should review this issue, especially if they still run any affected version listed in the NVD record. Application owners, platform operators, and responders handling file exposure or unexpected content-access incidents should also care.

Technical summary

NVD classifies the issue as CWE-22 (improper limitation of a pathname to a restricted directory, i.e. path traversal). The CVSS v3.0 vector is AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (base score 6.5, Medium): network attack vector, low attack complexity, low privileges required (so any low-privileged account on the application suffices), no user interaction, unchanged scope, high confidentiality impact, and no integrity or availability impact. The published description states that specially crafted URL requests containing /../ sequences could allow arbitrary file viewing; the record does not name the affected endpoint or parameter. The record ties the vulnerability to IBM Kenexa LMS on Cloud versions 13.1 through 13.2.4.
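The CWE-22 pattern behind this advisory, shown as a vulnerable resolver beside a hardened one. This is an added illustration written for this debrief, not code from IBM Kenexa LMS on Cloud (the advisory does not publish the affected code); the document root path, the function names and the request strings are assumptions for the example.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Hypothetical document root for the example; not taken from the advisory.
BASE_DIR = "/opt/lms/public"


def vulnerable_resolve(base: str, requested: str) -> str:
    """Naive handler: the requested path is joined onto the document root and
    normalised but never checked against it, so '../' segments walk out of the
    root. This is the CWE-22 pattern the advisory describes."""
    return posixpath.normpath(posixpath.join(base, requested.lstrip("/")))


def hardened_resolve(base: str, requested: str) -> Optional[str]:
    """Decode once, normalise, then verify containment. Returns the resolved
    path, or None when the request would leave the document root."""
    decoded = unquote(requested)
    # A '%' surviving one decode means double-encoding (e.g. %252e); a NUL byte
    # is a classic truncation trick. Reject both rather than guessing.
    if "%" in decoded or "\x00" in decoded:
        return None
    # Treat backslashes as separators so '..\\' is not missed on Windows-hosted apps.
    decoded = decoded.replace("\\", "/")
    candidate = posixpath.normpath(posixpath.join(base, decoded.lstrip("/")))
    root = posixpath.normpath(base)
    # Containment check: the resolved path must be the root itself or live under it.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


if __name__ == "__main__":
    for req in ("courses/intro.html", "/../../../etc/passwd",
                "%2e%2e/%2e%2e/%2e%2e/etc/passwd", "..\\..\\..\\etc\\passwd"):
        print(f"{req!r:40} naive={vulnerable_resolve(BASE_DIR, req)!r:30} "
              f"hardened={hardened_resolve(BASE_DIR, req)!r}")
```

The containment check operates on normalised strings only; when the path is actually opened on disk, resolve it with os.path.realpath first so that a symlink inside the document root cannot point back outside it.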

Defensive priority

Medium. This is a confidentiality-only file disclosure issue that is reachable over the network with low attack complexity and requires only a low-privileged account, so it should be prioritized for remediation on any affected IBM Kenexa LMS on Cloud instance, particularly where self-registered or learner-level accounts exist.

Recommended defensive actions

  • Confirm whether any IBM Kenexa LMS on Cloud deployment matches the affected versions listed by NVD: 13.1, 13.2, 13.2.2, 13.2.3, or 13.2.4.
  • Review the IBM vendor advisory for remediation guidance and apply vendor-recommended updates or compensating controls.
  • Restrict access to the application to trusted users and networks until remediation is complete, if that aligns with your operational requirements.
  • Monitor web and application logs for request paths and parameters that include traversal sequences such as /../, including URL-encoded forms (for example %2e%2e%2f) and backslash variants, and investigate unexpected file-access attempts, prioritizing those that received a 200 response.
  • Validate that sensitive files are not exposed through application routing or misconfigured web paths after remediation.
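As an added example for the log-monitoring step above (written for this debrief, not part of the advisory), the following scans access-log lines for traversal attempts, decoding percent-encoding repeatedly so that single- and double-encoded forms are caught, and reports which source addresses got a 200 back. The log lines are constructed for the example and the /lms/download?file= endpoint is an assumption, not an endpoint the advisory names.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample in Apache/nginx combined log format; not real traffic.
LOG_LINES = """\
203.0.113.5 - - [01/Feb/2017:10:00:01 +0000] "GET /lms/courses/intro.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Feb/2017:10:00:07 +0000] "GET /lms/download?file=../../../../etc/passwd HTTP/1.1" 200 1842 "-" "curl/7.47.0"
203.0.113.5 - - [01/Feb/2017:10:00:09 +0000] "GET /lms/download?file=%2e%2e%2f%2e%2e%2fWEB-INF%2fweb.xml HTTP/1.1" 200 912 "-" "curl/7.47.0"
198.51.100.7 - - [01/Feb/2017:10:01:15 +0000] "GET /lms/download?file=..%252f..%252fetc%252fshadow HTTP/1.1" 403 212 "-" "python-requests/2.9"
192.0.2.44 - - [01/Feb/2017:10:02:30 +0000] "GET /lms/images/logo..png HTTP/1.1" 200 3301 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A '..' segment followed by a slash or backslash, or ending the target.
# 'logo..png' does not match because no separator follows the dots.
TRAVERSAL = re.compile(r"\.\.(?:[/\\]|$)")


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable (bounded) so %252e%252e becomes '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal_attempts(log_text: str) -> list:
    """Return one record per request whose decoded target contains a traversal segment."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; count these separately in production
        decoded = decode_fully(m["target"])
        if TRAVERSAL.search(decoded):
            hits.append({
                "ip": m["ip"],
                "timestamp": m["ts"],
                "status": int(m["status"]),
                "target": m["target"],
                "decoded": decoded,
            })
    return hits


def successful_by_ip(hits: list) -> dict:
    """Sources whose traversal requests were answered with 200: the ones to triage first."""
    return dict(Counter(h["ip"] for h in hits if h["status"] == 200))


if __name__ == "__main__":
    found = find_traversal_attempts(LOG_LINES)
    for h in found:
        print(f'{h["ip"]:15} {h["status"]} {h["decoded"]}')
    print("successful traversal requests per source:", successful_by_ip(found))
```

A 403 on a traversal request usually means a front-end filter caught it; a 200 on the same pattern is the signal that warrants pulling the response size and the served file from the application side. Overlong UTF-8 encodings of the dot (for example %c0%ae) are not covered by percent-decoding alone and need a separate normalisation step if the fronting server tolerates them.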

Evidence notes

The debrief is based only on the supplied NVD/CVE corpus and linked vendor references. NVD identifies the weakness as CWE-22 and lists affected IBM Kenexa LMS on Cloud versions 13.1, 13.2, 13.2.2, 13.2.3, and 13.2.4. The CVSS v3.0 vector is AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, and the description states that crafted URL requests containing /../ sequences could expose arbitrary files. Published date used here is 2017-02-01; the later 2026-05-13 modified timestamp is metadata, not the issue date.

Official resources

Publicly disclosed in the CVE record on 2017-02-01. The NVD record was last modified on 2026-05-13, which is metadata only and not the original disclosure date.