Cross-Site Request Forgery Vulnerability in IBM Leads Products
CVE-2015-0116

Currently unrated

Key Information:

Vendor: IBM
Status: Vendor
CVE Published: 28 June 2015

Summary

IBM Leads versions 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 do not properly restrict the addition of links. This flaw allows remote authenticated users to conduct cross-site request forgery (CSRF) attacks through unspecified vectors, potentially compromising user sessions and sensitive information.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
