Cross-Site Request Forgery (CSRF) Vulnerability in IBM Leads

Cross-Site Request Forgery (CSRF) Vulnerability in IBM Leads

CVE-2015-0116 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict the addition of links, which makes it easier for remote authenticated users to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.

Learn more about our User Device Pen Test.