Description
IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict the addition of links, which makes it easier for remote authenticated users to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.
References (1)
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21902807
Scores
EPSS: 0.0083
EPSS Percentile: 53.0%
Details
CWE: CWE-74
Status: published
Products (10)
ibm/leads 7.1.0
ibm/leads 7.1.1
ibm/leads 7.5.0
ibm/leads 8.1.0
ibm/leads 8.2.0
ibm/leads 8.5.0
ibm/leads 8.6.0
ibm/leads 9.0.0
ibm/leads 9.1.0
ibm/leads 9.1.1
Published: Jun 28, 2015
Tracked Since: Feb 18, 2026