IBM Leads 7.x, 8.1.0 prior to 8.1.0.14, 8.2, 8.5.0 prior to 8.5.0.7.3, 8.6.0 prior to 8.6.0.8.1, 9.0.0 up to and including 9.0.0.4, 9.1.0 prior to 9.1.0.6.1, and 9.1.1 prior to 9.1.1.0.2 does not properly restrict the addition of links, which makes it easier for remote authenticated users to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm leads 7.5.0 |
||
ibm leads 8.1.0 |
||
ibm leads 8.2.0 |
||
ibm leads 8.5.0 |
||
ibm leads 7.1.0 |
||
ibm leads 9.0.0 |
||
ibm leads 9.1.1 |
||
ibm leads 7.1.1 |
||
ibm leads 8.6.0 |
||
ibm leads 9.1.0 |