PT-2015-4488 · Ibm · Ibm Leads
Publicado
2015-06-28
·
Atualizado
2015-06-29
·
CVE-2015-0127
CVSS v2.0
3.5
Baixa
| Vetor | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Leads versions 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, 9.1.1 before 9.1.1.0.2
Description
The issue allows remote authenticated users to conduct phishing attacks via a crafted web site, due to improper restriction of use of FRAME elements.
Recommendations
For versions 7.x, update to a version outside of the specified range.
For version 8.1.0, update to 8.1.0.14 or later.
For version 8.2, update to a version outside of the specified range.
For versions 8.5.0, update to 8.5.0.7.3 or later.
For versions 8.6.0, update to 8.6.0.8.1 or later.
For versions 9.0.0, update to a version later than 9.0.0.4.
For versions 9.1.0, update to 9.1.0.6.1 or later.
For versions 9.1.1, update to 9.1.1.0.2 or later.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ibm Leads