Lucene search
HistoryJun 28, 2015 - 10:59 p.m.
CVE-2015-0115
CVSS2
6
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
AI Score
6.5
Confidence
Low
EPSS
0.001
Percentile
45.0%
Cross-site request forgery (CSRF) vulnerability in IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users to hijack the authentication of customer accounts.
Affected configurations
Node
ibmleadsMatch7.1.0
ORibmleadsMatch7.1.1
ORibmleadsMatch7.5.0
ORibmleadsMatch8.1.0
ORibmleadsMatch8.2.0
ORibmleadsMatch8.5.0
ORibmleadsMatch8.6.0
ORibmleadsMatch9.0.0
ORibmleadsMatch9.1.0
ORibmleadsMatch9.1.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | leads | 7.1.0 | cpe:2.3:a:ibm:leads:7.1.0:*:*:*:*:*:*:* |
| ibm | leads | 7.1.1 | cpe:2.3:a:ibm:leads:7.1.1:*:*:*:*:*:*:* |
| ibm | leads | 7.5.0 | cpe:2.3:a:ibm:leads:7.5.0:*:*:*:*:*:*:* |
| ibm | leads | 8.1.0 | cpe:2.3:a:ibm:leads:8.1.0:*:*:*:*:*:*:* |
| ibm | leads | 8.2.0 | cpe:2.3:a:ibm:leads:8.2.0:*:*:*:*:*:*:* |
| ibm | leads | 8.5.0 | cpe:2.3:a:ibm:leads:8.5.0:*:*:*:*:*:*:* |
| ibm | leads | 8.6.0 | cpe:2.3:a:ibm:leads:8.6.0:*:*:*:*:*:*:* |
| ibm | leads | 9.0.0 | cpe:2.3:a:ibm:leads:9.0.0:*:*:*:*:*:*:* |
| ibm | leads | 9.1.0 | cpe:2.3:a:ibm:leads:9.1.0:*:*:*:*:*:*:* |
| ibm | leads | 9.1.1 | cpe:2.3:a:ibm:leads:9.1.1:*:*:*:*:*:*:* |
Related
prion
prion
Cross site request forgery (csrf)
2015-06-28 22:59:00
cvelist
cvelist
CVE-2015-0115
2015-06-28 22:00:00
cve
cve
CVE-2015-0115
2015-06-28 22:59:01
CVSS2
6
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
AI Score
6.5
Confidence
Low
EPSS
0.001
Percentile
45.0%
Related for NVD:CVE-2015-0115