CVE-2017-1143 : Security Advisory and Response

Learn about CVE-2017-1143 affecting IBM Kenexa LCMS Premier on Cloud 9.x and 10.0. Find out the impact, affected versions, and mitigation steps to secure your systems.

IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 is vulnerable to potential exposure of sensitive information due to the failure to enable HTTP Strict Transport Security.

Understanding CVE-2017-1143

This CVE involves a security vulnerability in IBM Kenexa LCMS Premier on Cloud versions 9.x and 10.0, which could allow a remote attacker to obtain sensitive information.

What is CVE-2017-1143?

The vulnerability arises because HTTP Strict Transport Security is not properly configured, which lets attackers intercept sensitive data through man-in-the-middle attacks.

The Impact of CVE-2017-1143

Exploitation of this vulnerability could result in the exposure of confidential information to malicious actors, compromising data integrity and confidentiality.

Technical Details of CVE-2017-1143

This section covers the vulnerability details for IBM Kenexa LCMS Premier on Cloud 9.x and 10.0.

Vulnerability Description

The failure to implement HTTP Strict Transport Security in IBM Kenexa LCMS Premier on Cloud versions 9.x and 10.0 allows remote attackers to intercept sensitive data.

Affected Systems and Versions

        Product: Kenexa LCMS Premier on Cloud
        Vendor: IBM Corporation
        Affected Versions: 9.0, 9.1, 9.2, 9.2.1, 9.3.0, 9.4.0, 9.5.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0

Exploitation Mechanism

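Without HSTS, a browser is not told to use HTTPS only for the site, so a connection can start over or be downgraded to plain HTTP. Attackers can exploit this using man-in-the-middle techniques to intercept and obtain sensitive information.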

Mitigation and Prevention

The following steps help protect systems from CVE-2017-1143.

Immediate Steps to Take

        Apply patches or updates provided by IBM promptly.
        Implement proper network encryption and security measures.
        Monitor network traffic for any suspicious activities.

Long-Term Security Practices

        Regularly update and patch software to address security vulnerabilities.
        Conduct security audits and assessments to identify and mitigate risks.

Patching and Updates

        IBM may release patches or updates to address the vulnerability; ensure timely installation to secure systems.
