Cross-Site Request Forgery Vulnerability in IBM Leads Products
CVE-2015-0116
Currently unrated
Summary
IBM Leads versions 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 do not properly restrict the addition of links. This flaw allows remote authenticated users to conduct cross-site request forgery (CSRF) attacks through unspecified vectors, potentially compromising user sessions and sensitive information.
References
Timeline
Vulnerability published
Vulnerability reserved