Cross-Site Request Forgery Vulnerability in IBM Leads Products
CVE-2015-0116

Currently unrated

Key Information:

Vendor: IBM
Status: Leads
Vendor: CVE Published:; 28 June 2015

Summary

IBM Leads versions 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, and 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 are susceptible to a security flaw that fails to properly restrict link additions. This oversight allows remote authenticated users to execute cross-site request forgery (CSRF) attacks, potentially compromising user sessions and sensitive information through undefined vectors.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21902807

x_refsource_CONFIRM

Timeline

Vulnerability published
Jun 28, 2015
Vulnerability Reserved
Nov 18, 2014