Cross-Site Request Forgery Vulnerability in IBM Leads Products
CVE-2015-0116
Currently unrated
What is CVE-2015-0116?
IBM Leads versions 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 do not properly restrict the addition of links. This flaw allows remote authenticated users to conduct cross-site request forgery (CSRF) attacks through unspecified vectors, potentially compromising user sessions and sensitive information.