Description
Cross-site request forgery (CSRF) vulnerability in IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users to hijack the authentication of customer accounts.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21902807
Scores
EPSS
0.0049
EPSS Percentile
38.6%
Details
CWE
CWE-352
Status
published
Products (10)
ibm/leads
7.1.0
ibm/leads
7.1.1
ibm/leads
7.5.0
ibm/leads
8.1.0
ibm/leads
8.2.0
ibm/leads
8.5.0
ibm/leads
8.6.0
ibm/leads
9.0.0
ibm/leads
9.1.0
ibm/leads
9.1.1
Published
Jun 28, 2015
Tracked Since
Feb 18, 2026