Cross-Site Request Forgery Vulnerability in IBM Leads Products
CVE-2015-0116

Currently unrated

Key Information:

Vendor: IBM
Status
Vendor
CVE Published: 28 June 2015

Summary

IBM Leads versions 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 do not properly restrict link additions. This flaw allows remote authenticated users to conduct cross-site request forgery (CSRF) attacks through unspecified vectors, potentially compromising user sessions and sensitive information.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
