PT-2015-4479 · Ibm · Ibm Leads
Publicado
2015-06-28
·
Atualizado
2016-05-26
·
CVE-2015-0116
CVSS v2.0
3.5
Baixa
| Vetor | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Leads versions 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, 9.1.1 before 9.1.1.0.2
Description
The issue makes it easier for remote authenticated users to conduct cross-site request forgery (CSRF) attacks via unspecified vectors, due to improper restriction of the addition of links.
Recommendations
For versions 7.x, update to a version after 7.x.
For version 8.1.0, update to 8.1.0.14 or later.
For version 8.2, update to a version after 8.2.
For versions 8.5.0 before 8.5.0.7.3, update to 8.5.0.7.3 or later.
For versions 8.6.0 before 8.6.0.8.1, update to 8.6.0.8.1 or later.
For versions 9.0.0 through 9.0.0.4, update to a version after 9.0.0.4.
For versions 9.1.0 before 9.1.0.6.1, update to 9.1.0.6.1 or later.
For versions 9.1.1 before 9.1.1.0.2, update to 9.1.1.0.2 or later.
Correção
Special Elements Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ibm Leads