PT-2015-4479 · Ibm · Ibm Leads
Published
2015-06-28
·
Updated
2016-05-26
·
CVE-2015-0116
CVSS v2.0
3.5
Low
| Vector | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Leads versions 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, 9.1.1 before 9.1.1.0.2
Description
The issue makes it easier for remote authenticated users to conduct cross-site request forgery (CSRF) attacks via unspecified vectors, due to improper restriction of the addition of links.
Recommendations
For versions 7.x, update to a version after 7.x.
For version 8.1.0, update to 8.1.0.14 or later.
For version 8.2, update to a version after 8.2.
For versions 8.5.0 before 8.5.0.7.3, update to 8.5.0.7.3 or later.
For versions 8.6.0 before 8.6.0.8.1, update to 8.6.0.8.1 or later.
For versions 9.0.0 through 9.0.0.4, update to a version after 9.0.0.4.
For versions 9.1.0 before 9.1.0.6.1, update to 9.1.0.6.1 or later.
For versions 9.1.1 before 9.1.1.0.2, update to 9.1.1.0.2 or later.
Fix
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Leads